> > Attached patch fixes this and
> > buffer overflows in user (we'll need to make user suid in future
> > anyway, if we want ordinar users to access it, ain't we?)
>
> Actually, I think we should try to avoid that. I know that VMWare
> forces the user mode app to run as root, because they cannot allow
> non-root access to their device node. This is because they export
> extremely dangerous functionality via ioctl(); in fact, one of their
> ioctl()s basically says: here's a function pointer, please call this
> function while executing at ring-0 :-)
I agree with Ulrich. I don't want to open up the same security
risks that VMware does. My thoughts are the same, that VMware
does it this way in the name of protecting their source code.
Protecting their code is OK; exposing users to risks and then saying
your sofware provides an isolated sandbox is not so good.
-Kevin
