[Xorg] DRI merging

Keith Packard keithp at keithp.com
Sun Jun 13 17:39:12 PDT 2004


Around 20 o'clock on Jun 13, Alan Cox wrote:

> Secondly every line of code you put in the kernel has to be audited,
> analysed and can introduce security holes or crash the machine.

The same is (alas) all too true for code within the X server as well.  An 
ideal situation would have the X server running unprivledged on top of a 
kernel driver that validated commands to the graphics card.  That's one of 
the motivations to moving to a DRI-like environment for the X server.
Using the OpenGL API provides that in a more "vendor neutral" way than 
going directly to DRI.

However, even for plain 2D only X servers, I would advocate a similar 
driver architecture, albiet with a significantly simpler kernel module.

Do everything possible in user mode, but no more.

-keith


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20040613/c74cb274/attachment.pgp>


More information about the xorg mailing list