DRI2 Protocol Spec Draft

Kristian Høgsberg krh at bitplanet.net
Wed Sep 10 14:28:21 PDT 2008

On Wed, Sep 10, 2008 at 5:10 PM, Keith Packard <keithp at keithp.com> wrote:
> On Wed, 2008-09-10 at 14:09 -0400, Kristian Høgsberg wrote:
>> Everybody can talk to the DRM and create
>> a token, but only if you can pass it to the server over DRI2 protocol,
>> can you authenticate.
> Oh, so the cookie in the protocol is a client identifier of some kind.
> In any case, 32 bits of unique id isn't exactly high security; my
> thought was that we should allow the system to use a longer key to avoid
> spoofing.

No that's why the existing scheme is better, it doesn't rely on
random/cryptographical tokens.  It just needs to be a unique handle
that lets the server identify the right client to authenticate.  If
you can pass this token to the X server you're authenticated.  What
better way to establish that than, erh, passing it through protocol?
The key point is that the server does the ioctl that authenticates the


More information about the xorg mailing list