Darren J Moffat wrote:
> What is the method credential section of the SMF manifest used to
> start the vbios service ? ie what user/group id does it run as and
> what privileges(5) does it require.
It runs as root and needs to open /dev/xsvc to map the BIOS image. After
that, it needs to be able to do in/out assembly instruction (so,
basically, it needs to be able to set its IOPL to 3).
I haven't set so far any specific privilege on the daemon since either
/dev/xsvc or in/out look to me as a pretty good way to take over the
system, if vbiosd proves to be vulnerable.
Actually, though, we are a bit re-designing vbiosd (there was another
service that was only responsible of checking if gdm started and
receiving SIGTHAW to catch resumes that we are merging into vbiosd in
order to have a single service). Since that will likely lead to two
different threads, maybe we want to separate the privileges there? What
would be your suggestion?
>
> Does this case indirectly (or directly) solve the problems of suspend
> and resume for systems with ATI graphics cards ?
>
I don't think so. Xorg userland drivers do more than what we do and if
they don't manage to make ATI cards re-post, we're definitely not even
trying. Working on POSTing cards might be an extension of the project in
the future (if we get to do the post emulation well, then we could use
it to post VGA cards on SPARC, but it's not as straightforward as it may
sound), but so far there is no plan to support that.
- Enrico
