X11 still uses /dev/mem ?

Adam Jackson ajax at nwnk.net
Mon Feb 22 13:11:20 PST 2010


On Mon, 2010-02-22 at 18:59 +0000, Nix wrote:
> On 22 Feb 2010, Adam Jackson verbalised:
> > That, and device permissions on /dev/dri/whatever, and that GEM objects
> > are globally visible so you're still trusting that multiple X servers
> > don't intentionally snoop on each other.
> 
> Device permissions are fixable with one udev rule / chown / chmod /
> whatever. The 'intentionally snooping X servers' problem only allows
> users to spy on other users (and perhaps bash their 3D state), but
> doesn't allow arbitrary code execution as root unless there are more
> bugs allowing users to instruct the GPU to DMA stuff to arbitrary parts
> of system RAM (in which case we have a security hole even in the absence
> of multiple users).

You're typically not allowed to screen-scrape other users' X sessions.
So even though this isn't a root-escalation issue, it's still weaker
than what X currently enforces.

I'm not saying running X not as uid 0 isn't a worthy goal, just that
allowing arbitrary users to touch the drm device is not currently a
great idea.

> Input device revocation still seems important though :( a shame there's
> no workaround, even if a hacky one :/ we don't really need generalized
> revoke() for this, do we? Just revoke() on a limited class of devices?

Correct.

- ajax