On 8/3/05, Eric Anholt <[EMAIL PROTECTED]> wrote: > On Wed, 2005-08-03 at 15:02 -0400, Jon Smirl wrote: > > On 8/3/05, Eric Anholt <[EMAIL PROTECTED]> wrote: > > > On Wed, 2005-08-03 at 14:39 -0400, Jon Smirl wrote: > > > > > ioctls where removing the root check introduces privelege escalation > > > > > for > > > > > users with read access to the DRM device (at least): > > > > > - DRM_R128_INDIRECT > > > > > - DRM_RADEON_INDIRECT > > > > > > > > How do we secure these? > > > > > > By requiring root. But I didn't review all the ioctls, so these might > > > not be all of the root-requiring ioctls that continue to need it. > > > > I thought we built a command verifier to check things like this. Does > > DRM need to copy, verify, then > > These are the indirect ioctls, which allow the X Server to submit a > buffer of any commands it wants. You could probably build a (or extend > the current) verifier for the all the things the X Server has done > through that ioctl, but that hasn't been done.
So there is probably a general security hole here if I can convice the Xserver to use the buffer addresses I want. Who uses these? They aren't used in the mesa tree. > > -- > Eric Anholt [EMAIL PROTECTED] > http://people.freebsd.org/~anholt/ [EMAIL PROTECTED] > -- Jon Smirl [EMAIL PROTECTED] ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf -- _______________________________________________ Dri-devel mailing list Dri-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dri-devel