Dear VirtualGL community, I would like to know security implications of the EGL backend. The document https://rawcdn.githack.com/VirtualGL/virtualgl/3.1.1/doc/index.html#hd006003 says:
> When using the EGL back end, the only way to share the application server’s GPU(s) among multiple users is to grant those users access to the device(s) associated with the GPU(s). > ... > Yes Only users in the vglusers group can run OpenGL applications on the VirtualGL server (the configuration script will create the vglusers group if it doesn’t already exist.) This limits the possibility that an unauthorized user could snoop the 3D framebuffer device(s) and thus see (or alter) the output of a 3D application that is being used with VirtualGL. > No Any authenticated user can run OpenGL applications on the VirtualGL server. If it is necessary for users outside of the vglusers group to log in locally to this server and run OpenGL applications, then this option must be selected. My confusion here is whether a user can snoop and interfere with other users' 3D applications. My intuition is no, because processes are isolated by kernel (just as one user cannot touch another user's CUDA application). But then, what is the point of limiting GPU access to the vglusers group? Is the restriction an *additional* layer of caution just in case there is a security flaw in the GPU driver or kernel? For the GLX background, this old thread https://virtualgl-users.narkive.com/KHab71sF/security-issues-for-virtualgl clarifies the situation. When sharing an X server (:0), 1. A *remote* user can snoop *local* X user's keystrokes but not other *remote* user's. 2. A *remote* user can snoop other users' (local or remote) 3D rendering. (I think it might be useful if this is clarified in the documentation) Best regards, Takanori Nakane -- You received this message because you are subscribed to the Google Groups "VirtualGL User Discussion/Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/virtualgl-users/6a354f01-fc39-49e3-9f2c-d87e3636a091n%40googlegroups.com.
