On 8/3/05, Eric Anholt <[EMAIL PROTECTED]> wrote:
> On Wed, 2005-08-03 at 17:10 -0400, Jon Smirl wrote:
> > On 8/3/05, Michel Dänzer <[EMAIL PROTECTED]> wrote:
> > > On Wed, 2005-08-03 at 16:18 -0400, Jon Smirl wrote:
> > > > On 8/3/05, Michel Dänzer <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > They aren't used in the mesa tree.
> > > > >
> > > > > So why did you change their requiring root?
> > > >
> > > > The version of Xegl I am making does not run as root. [...]
> > >
> > > I know. You missed my question: Why do you change the behaviour of code
> > > that doesn't affect what you're trying to achieve?
> >
> > The original code did not separate the concept of auth and root, they
> > were implemented as the same bit. I had to separate the concepts. I
> > kept all of the code implementing auth unchanged.
> >
> > There was a single check looking for root across all IOCTLs. I had to
> > remove that check. Now we have to identify the IOCTLs that
> > really require root and add the check specifically to them. So far
> > there are only two: addmap and indirect.
> >
> > I could have made three bits: auth_needed, root_only, master. But
> > that was a lot of deltas to implement a root_only bit which is only
> > needed for indirect. Instead it is easier to just add a capability
> > root check in the ioctl.
>
> In your previous patch you removed the root check entirely, even though
> that led to vulnerabilities. I pointed out two cases, but I didn't
> review all the ioctls. Before a patch based on this goes in, I would
> like a review of every previously root-requiring ioctl to explain why
> it's okay to not require root on it now.

I have been asking on this list for a month now for everyone to help
locate where there are vulnerabilities with dropping root priv.
Multiple people have told me that AddMap was the only problem. You
just pointed out another one with radeon/r128 indirect.

> Alternatively, you could do what Michel suggested: make only the changes
> that are required for your nonroot case, so that the security
> implications are (relatively) obvious.

Mesa hits every main DRM entry point. I believe the problem is now
with the drivers. Are there other X only driver entry points? It is
more reliable if you can just tell me what are the likely problem
areas than it is for me to go grepping around xorg trying to figure
out what it uses. Any ioctl that is X only can be set to require root
priv.

>
> --
> Eric Anholt                                [EMAIL PROTECTED]
> http://people.freebsd.org/~anholt/         [EMAIL PROTECTED]
>

--
Jon Smirl
[EMAIL PROTECTED]
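
An added example, not part of the original thread and not DRM code: a user-space C model of the per-ioctl permission table discussed above, with auth_needed, root_only and master kept as separate bits, plus an audit helper that lists the entries that sat behind the old blanket root check but carry no root-only bit now, which is the review list requested in the thread. The struct, function and "sample_*" entry names are hypothetical, and the table contents are constructed; only addmap and indirect are named in the thread.

```c
#include <stdbool.h>
#include <stdio.h>

/* Flag names follow the thread's wording; this is a model, not DRM's API. */
enum { AUTH_NEEDED = 1u << 0, ROOT_ONLY = 1u << 1, MASTER = 1u << 2 };
struct caller { bool authenticated, is_root, is_master; };

struct ioctl_entry {
    const char *name;
    unsigned flags;       /* separated permission bits */
    bool was_root_gated;  /* assumption: covered by the old blanket root check */
};

/* Constructed table: only addmap and indirect are named in the thread. */
static const struct ioctl_entry table[] = {
    { "sample_query",   0,                       false },
    { "sample_auth_op", AUTH_NEEDED,             true  },
    { "addmap",         AUTH_NEEDED | ROOT_ONLY, true  },
    { "indirect",       AUTH_NEEDED | ROOT_ONLY, true  },
    { "sample_setup",   AUTH_NEEDED | MASTER,    true  },
};
#define N_ENTRIES (sizeof table / sizeof table[0])

/* Every bit set on the entry must be satisfied by the caller. */
static bool permitted(const struct ioctl_entry *e, const struct caller *c)
{
    if ((e->flags & AUTH_NEEDED) && !c->authenticated) return false;
    if ((e->flags & ROOT_ONLY) && !c->is_root) return false;
    if ((e->flags & MASTER) && !c->is_master) return false;
    return true;
}

/* Review aid: entries the old root check covered that no longer require
 * root. Each name returned needs a written reason why that is acceptable. */
static size_t audit_dropped_root(const char **out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (table[i].was_root_gated && !(table[i].flags & ROOT_ONLY) && n < max)
            out[n++] = table[i].name;
    return n;
}

int main(void)
{
    const char *names[N_ENTRIES];
    size_t n = audit_dropped_root(names, N_ENTRIES);
    for (size_t i = 0; i < n; i++) printf("needs review: %s\n", names[i]);
    return 0;
}
```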