On Monday 20 June 2005 00:03, Jon Smirl wrote: > On 6/18/05, Adam Jackson <[EMAIL PROTECTED]> wrote: > > Obviously determining which sets of registers can be mapped through the > > drm is a card-by-card problem. Different cards have different register > > maps, by definition. But the DRI drivers work as a normal user _right_ > > _now_, and (modulo mach64 and possibly r300) they seem to be secure. > > There are more security holes than just restricting AddMap. If a > normal user has register access to some cards (like the radeon), they > can program the DMA controller to write into system RAM. You can use > the ability to write into system RAM to gain root priv. I don't think > we have good enough docs on any of the cards to says with 100% > certainty that it is safe to allow a normal user access to the > registers.
You still sound really confused here. You say there are more holes than just AddMap, but then go on to describe the hole in AddMap. The DMA controller doesn't just magically show up in a process' address space. It has to have been set up first, either through drmAddMap from a process running as root (and subsequent authorization and drmMap sequence), or from DRM setup (and auth and drmMap). - ajax
pgp7pQ1Q9v8ic.pgp
Description: PGP signature
