[Xorg] The big multiconsole nasty
michel at daenzer.net
Wed Jul 7 09:24:14 PDT 2004
On Wed, 2004-07-07 at 08:31 -0700, Jon Smirl wrote:
> --- Michel Dnzer <michel at daenzer.net> wrote:
> > I've said it many times, I'll say it again: I consider this a myth.
> > The register values don't become magically secure just because the
> > kernel writes them to the hardware instead of a user process. A
> > good part of the mode setting code will always have to be
> > privileged one way or the other.
> Security means that the API is protected from from compromising the
> overall security of the system. System security does not require
> preventing you from writing the wrong values into register as long as
> we are sure that those values can't be used to compromise system
> security. Call mode validation something else, it is not security.
I never said 'system security', did I, but call it safety if you will.
> You can't stop the user from hitting the monitor with a sledge hammer either.
True, but that's not quite the same thing as a random unprivileged
program (a worm, say) destroying the monitor (or the graphics card, or
other hardware)... I'm not sure the user would like that.
Earthling Michel Dänzer | Debian (powerpc), X and DRI developer
Libre software enthusiast | http://svcs.affero.net/rm.php?r=daenzer
More information about the xorg