[rfc] VIA dri and security.
alan at lxorguk.ukuu.org.uk
Mon Oct 11 06:00:30 PDT 2004
On Llu, 2004-10-11 at 09:42, Thomas Hellström wrote:
> So what is your actual suggestion?
> Export read-write as default or, as proposed, export read-write when
> "AllowInsecureDRI" is enabled in the X server config?
AllowInsecureDRI is less secure than forcing users to run things as root
or fix the code. And we want that code in kernel and causing pain in
order to make people fix it 8)
If I setuid an app then it depends if that one app is trojanned. If I
have AllowInsecureDRI then any trojanned or hostile app gets you.
What I think you do want to avoid would be something like "DRI is faster
as root", which sends all the wrong signals.
More information about the xorg