| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9e4733910705211029o177463aakaf476cd927359473@mail.gmail.com> Date: Mon, 21 May 2007 13:29:32 -0400 From: "Jon Smirl" <jonsmirl@...il.com> To: "Dave Airlie" <airlied@...il.com> Cc: "Jesse Barnes" <jbarnes@...tuousgeek.org>, "Jesse Barnes" <jesse.barnes@...el.com>, linux-kernel@...r.kernel.org, "Antonino A. Daplas" <adaplas@...il.com> Subject: Re: [RFC] enhancing the kernel's graphics subsystem On 5/21/07, Dave Airlie <airlied@...il.com> wrote: > > 3) Eliminate the need for a root priv controlling process. Get rid of > > the potential for a security hole. > > Stupid idea, we need something to control policy, this isn't going in > the kernel, it can be a lot smaller than X and auditable.. sticking > the DRI protocol in the kernel is just pointless.. Try to be more flexible with your thinking. It is ok to have a transient, privileged command line app that does something like assign an output to be under the control of a specific CRTC. I have no problem with some of the IOCTLs requiring root priv. What is not ok is to require a permanently running root priv process. If the code is going to always be running make it as small as possible and put it in the device driver. -- Jon Smirl jonsmirl@...il.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists