[Mesa-dev] [PATCH 5/7] intel: Skip looking at driver debug flags when setuid.

[Eric Anholt]

The idea is that when the driver is loaded by the setuid root X
Server, you don't want the driver debug flags to apply in case they
can be used for nefarious purposes.
---
 src/mesa/drivers/dri/intel/intel_context.c |    6 +++++-
 src/mesa/drivers/dri/intel/intel_screen.c  |   20 +++++++++++++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/src/mesa/drivers/dri/intel/intel_context.c b/src/mesa/drivers/dri/intel/intel_context.c
index 3101ef2..174cf88 100644
--- a/src/mesa/drivers/dri/intel/intel_context.c
+++ b/src/mesa/drivers/dri/intel/intel_context.c
@@ -25,6 +25,7 @@
  * 
  **************************************************************************/
 
+#include <unistd.h>
 
 #include "main/glheader.h"
 #include "main/context.h"
@@ -728,7 +729,10 @@ intelInitContext(struct intel_context *intel,
       break;
    }
 
-   INTEL_DEBUG = driParseDebugString(getenv("INTEL_DEBUG"), debug_control);
+   if (geteuid() == getuid()) {
+      INTEL_DEBUG = driParseDebugString(getenv("INTEL_DEBUG"), debug_control);
+   }
+
    if (INTEL_DEBUG & DEBUG_BUFMGR)
       dri_bufmgr_set_debug(intel->bufmgr, true);
 
diff --git a/src/mesa/drivers/dri/intel/intel_screen.c b/src/mesa/drivers/dri/intel/intel_screen.c
index d477aaf..8b5fb5a 100644
--- a/src/mesa/drivers/dri/intel/intel_screen.c
+++ b/src/mesa/drivers/dri/intel/intel_screen.c
@@ -25,6 +25,7 @@
  * 
  **************************************************************************/
 
+#include <unistd.h>
 #include <errno.h>
 #include "main/glheader.h"
 #include "main/context.h"
@@ -600,8 +601,12 @@ intel_init_bufmgr(struct intel_screen *intelScreen)
    __DRIscreen *spriv = intelScreen->driScrnPriv;
    int num_fences = 0;
 
-   intelScreen->no_hw = (getenv("INTEL_NO_HW") != NULL ||
-			 getenv("INTEL_DEVID_OVERRIDE") != NULL);
+   if (geteuid() != getuid()) {
+      intelScreen->no_hw = false;
+   } else {
+      intelScreen->no_hw = (getenv("INTEL_NO_HW") != NULL ||
+			    getenv("INTEL_DEVID_OVERRIDE") != NULL);
+   }
 
    intelScreen->bufmgr = intel_bufmgr_gem_init(spriv->fd, BATCH_SZ);
    if (intelScreen->bufmgr == NULL) {
@@ -638,6 +643,9 @@ intel_init_bufmgr(struct intel_screen *intelScreen)
 static void
 intel_override_separate_stencil(struct intel_screen *screen)
 {
+   if (geteuid() != getuid())
+      return;
+
    const char *s = getenv("INTEL_SEPARATE_STENCIL");
    if (!s) {
       return;
@@ -721,9 +729,11 @@ __DRIconfig **intelInitScreen2(__DRIscreen *psp)
     * This implies INTEL_NO_HW, to avoid programming your actual GPU
     * incorrectly.
     */
-   devid_override = getenv("INTEL_DEVID_OVERRIDE");
-   if (devid_override) {
-      intelScreen->deviceID = strtod(devid_override, NULL);
+   if (geteuid() == getuid()) {
+      devid_override = getenv("INTEL_DEVID_OVERRIDE");
+      if (devid_override) {
+	 intelScreen->deviceID = strtod(devid_override, NULL);
+      }
    }
 
    intelScreen->kernel_has_gen7_sol_reset =
-- 
1.7.9.1