On Thu, 2005-08-04 at 00:44 +0100, Dave Airlie wrote: > > restricted to the first process that opens the DRM device. Of couse > > that process may not be an Xserver. > > > > Can people add notes about possible security problems with each of these? > > > > You've missed all the driver ioctls.. please make a list of current driver > ioctls that need root as well.. > > I'm not over-the-moon about this approach of changing the system to be > default allow anything and adding root checks, I'd rather it was default > root check and overrideable to allow non-root...
I'm mixed. I'm fine with having the root checks be special cases in the few ioctls that need it, when I've seen a review of every one from which the root check is being removed. The two flags in the ioctl descriptions currently are pretty unreadable, 3 would be even more confusing. Oh, and also this is as long as those root checks in the shared code get wrapped in an appropriate macro/function (taking no arguments). -- Eric Anholt [EMAIL PROTECTED] http://people.freebsd.org/~anholt/ [EMAIL PROTECTED] ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf -- _______________________________________________ Dri-devel mailing list Dri-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dri-devel
