On 8/3/05, Michel Dänzer <[EMAIL PROTECTED]> wrote: > On Wed, 2005-08-03 at 15:02 -0400, Jon Smirl wrote: > > On 8/3/05, Eric Anholt <[EMAIL PROTECTED]> wrote: > > > On Wed, 2005-08-03 at 14:39 -0400, Jon Smirl wrote: > > > > > ioctls where removing the root check introduces privelege escalation > > > > > for > > > > > users with read access to the DRM device (at least): > > > > > - DRM_R128_INDIRECT > > > > > - DRM_RADEON_INDIRECT > > > > > > > > How do we secure these? > > > > > > By requiring root. But I didn't review all the ioctls, so these might > > > not be all of the root-requiring ioctls that continue to need it. > > > > I thought we built a command verifier to check things like this. > > These ioctls are designed for privileged clients like the current DDX > drivers and thus unchecked.
Ok, that's not inconsistent with what I am trying to do. I can just add a root capability check on those two IOCTLs. From IRC see I see that they are only used by the Xserver internally. Mesa doesn't need them. -- Jon Smirl [EMAIL PROTECTED] ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf -- _______________________________________________ Dri-devel mailing list Dri-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dri-devel