Graphics Driver Frameworks and Security

Alan Coopersmith Alan.Coopersmith at Sun.COM
Tue May 16 08:23:08 PDT 2006


Xavier Bestel wrote:
> On Tue, 2006-05-16 at 12:45, Alan Cox wrote:
> [...]
>> Another way to think about this:
>>
>> Let us suppose that X has a security hole in some component. If that
>> component is driver level then putting the hole into the kernel instead
>> reduces security (as it is now even more privileged). If the hole is in
>> a component that is not driver level then it is better fixed by making
>> that part of the code unprivileged.
> 
> Technically true, but practically it seems to me Linux has more manpower
> to fix holes than X. That counts.

And all the other OSes that use Xorg on a non-Linux kernel can go
jump in a lake?   Xorg runs on lots of hardware on lots of kernels
today - how many would it run on if all the drivers had to be kernel
specific?   (And lots of kernels applies to the many versions of Linux
too.  Xorg runs on top of many different versions of the Linux kernel
without having to worry about the in-kernel interface changes between
them.)

-- 
	-Alan Coopersmith-           alan.coopersmith at sun.com
	 Sun Microsystems, Inc. - X Window System Engineering


