> > AllowInsecureDRI is less secure than forcing users to run things as root > or fix the code. And we want that code in kernel and causing pain in > order to make people fix it 8) >
I'm really with Keiths don't let them do anything until someone fixes it .. makes life easier.. I don't think having in the mainline will force people to fix it any quicker, anyone capable of fixing it is probably on this list, (and in the via case on the unichrome one ..).. I've just thought of another issue with the validation (and I haven't reviewed the via code throughly...) but for the mach64 the problem was that after the validation the buffers were still mapped into the user application so it could modify them after validation if it was sufficently sneaky enough... for the mach64 the idea was to allocate a pool of private buffers using pci interfaces and use those to pass command streams after verification.. the user app wouldn't be able to map these... Dave. -- David Airlie, Software Engineer http://www.skynet.ie/~airlied / airlied at skynet.ie pam_smb / Linux DECstation / Linux VAX / ILUG person ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl -- _______________________________________________ Dri-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dri-devel