Bugtraq mailing list archives

Re: The (in)security of Xorg and DRI

From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Wed, 27 Dec 2006 00:20:14 +0100 (CET)

On Thu, 14 Dec 2006, Darren Reed wrote:

In recent discussion, the topic of the Xorg server being a huge
security vulnerability because of its DRI model has come up.

The problem being that you have user space code communicating
with chips in the system and being able to control DMA and what
goes which way on the system bus...


Afaik, kernel DRM (*) drivers are supposed (**) not to provide direct
control over unsafe features of the hardware (***).

(*) Direct Rendering Manager.
(**) The "strength of function" is, of course, a different question.
(***) See <http://dri.sourceforge.net/doc/security_low_level.html>

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Current thread:

The (in)security of Xorg and DRI Darren Reed (Dec 14)
- Re: The (in)security of Xorg and DRI Nicolas RUFF (Dec 15)
  - Re: The (in)security of Xorg and DRI Darren Reed (Dec 18)
  - Re: The (in)security of Xorg and DRI Darren Reed (Dec 18)
- Re: The (in)security of Xorg and DRI Pavel Kankovsky (Dec 27)