--- Alan Cox <[EMAIL PROTECTED]> wrote: > On Mer, 2004-05-19 at 01:35, Jon Smirl wrote: > > Why does VT switch have to be in the kernel? I can have multiple xterms > logged > > in as different users without kernel support. Why can't VT switching be > > implemented as if I was switching between multiple fullscreen xterms? I > guess I > > don't see why there is a difference between multiple xterms and VT's. I can > use > > su to set the xterm to any account. > > You trust the X server. Thats already problematic with SELinux and > compartmentalisation. For some things you need multiple X-servers for > this reason.
If we are going to build a new user space console, let's work with the SELinux people from the beginning to make it trustworthy. User space console could look just like the current VT system and run each session full screen. That stops the scraping the screen attack. xserver draws each app into it's own pbuffer. The individual apps don't have access to the main framebuffer. A properly designed xserver should be free from the screen scraping attack too. The DRM module will have to make sure you can't read buffers that don't belong to you. I don't want to go the model of running multiple X servers on the same hardware again. That path causes all of the problems with multitasking the device drivers on to the same piece of hardware. ===== Jon Smirl [EMAIL PROTECTED] __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click -- _______________________________________________ Dri-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dri-devel