libpciaccess on GNU/Hurd

Adam Jackson ajax at nwnk.net
Thu Nov 8 20:19:41 UTC 2018


On Wed, 2018-11-07 at 22:56 +0100, Samuel Thibault wrote:
> Adam Jackson, le mer. 07 nov. 2018 15:09:58 -0500, a ecrit:
> > Because the kernel is the one thing in a position to enforce access
> > exclusion.
> 
> root-owned processes can still use ioperm to get access to io ports and
> break that.

Maybe on your kernel. Mine doesn't allow ioperm even for root.

> > If you try to implement this with a userspace arbiter then
> > all you need to do to break it is run an old version of libpciaccess.
> 
> Sure. Except if ioperm is allowed only for the pci arbiter.

... but that's all you need. Call ioperm, if it succeeds you must be
the arbiter, so you install the x86 backend. If it fails you use the
arbiter backend. There's no reason for pci_system_init()'s caller to
care.

- ajax



More information about the xorg-devel mailing list