On 8/3/05, Dave Airlie <[EMAIL PROTECTED]> wrote: > > restricted to the first process that opens the DRM device. Of couse > > that process may not be an Xserver. > > > > Can people add notes about possible security problems with each of these? > > > > You've missed all the driver ioctls.. please make a list of current driver > ioctls that need root as well..
I was saving them until we went through the base ones first. > > I'm not over-the-moon about this approach of changing the system to be > default allow anything and adding root checks, I'd rather it was default > root check and overrideable to allow non-root... I started off that way but then I figured out that very few ioctl need to require root. That would require adding about 70 root checks and then turning around and eliminating most of them immediately since mesa uses almost all of the ioctls (indirect is the only exception I know of) We can get the same effect just by inspecting the list of ioctls. > > Dave. > > -- > David Airlie, Software Engineer > http://www.skynet.ie/~airlied / airlied at skynet.ie > Linux kernel - DRI, VAX / pam_smb / ILUG > > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA > Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf > -- > _______________________________________________ > Dri-devel mailing list > Dri-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dri-devel > -- Jon Smirl [EMAIL PROTECTED] ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf -- _______________________________________________ Dri-devel mailing list Dri-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dri-devel
