bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The (in)security of Xorg and DRI

from [Pavel Kankovsky] [Permanent Link][Original]
To: Darren Reed <avalon@caligula.anu.edu.au>
Subject: Re: The (in)security of Xorg and DRI
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
Date: Wed, 27 Dec 2006 00:20:14 +0100 (CET)
Cc: bugtraq@securityfocus.com
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
In-reply-to: <200612140040.kBE0exUX017795@caligula.anu.edu.au>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
Sender: peak@paddy.troja.mff.cuni.cz 
On Thu, 14 Dec 2006, Darren Reed wrote:

> In recent discussion, the topic of the Xorg server being a huge
> security vulnerability because of its DRI model has come up.
> 
> The problem being that you have user space code communicating
> with chips in the system and being able to control DMA and what
> goes which way on the system bus...

Afaik, kernel DRM (*) drivers are supposed (**) not to provide direct
control over unsafe features of the hardware (***).

(*) Direct Rendering Manager.
(**) The "strength of function" is, of course, a different question.
(***) See <http://dri.sourceforge.net/doc/security_low_level.html>

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: LuckyBot v3 Remote File Include, Stuart Moore
Next by Date:  Re: XSS with Vbulletin (new idea !), bas
Previous by Thread:  Re: The (in)security of Xorg and DRI, Darren Reed
Next by Thread:  GenesisTrader v1.0 - Multiple Vulnerabilities, mr_kaliman
Indexes:  [Date] [Thread] [Top] [All Lists]