txtoth at gmail.com
Fri May 30 09:28:45 PDT 2008
On Fri, May 30, 2008 at 9:57 AM, Alan Coopersmith
<Alan.Coopersmith at sun.com> wrote:
> Matthieu Herrb wrote:
>> There's one drawback though: the main X server keeps the privilege of
>> accessing the hardware directly, and it has been demonstrated (for
>> instance by Loic Duflot at CanSecWest 2006) that this makes it possible
>> for the X server to get kernel-level privileges (which is more than root
>> privileges, at least in the BSD securelevels model).
>> Hardware access definitely needs to be done in the kernel, with enough
>> checks to make sure that a malicious code injected in the X server (by
>> exploiting a bug) can't easily abuse the drm interface to control the
>> whole kernel.
> Right - that's the model we have in Solaris on SPARC, which always had
> in-kernel graphics drivers for all devices, and can run without ever
> having uid 0 privileges (we still run it setgid 0 so it can do things
> like power management & process priority boosting that the kernel
> restricts to gid 0). Since gdm/xdm/dtlogin start the server as root,
> we still use our setting pipe to drop to the user's uid at login.
> -Alan Coopersmith- alan.coopersmith at sun.com
> Sun Microsystems, Inc. - X Window System Engineering
All I actually know about SDTLOGIN is the little blurb I read in the
GDM docs. So could I please get a little background like what exactly
it is/how it works? By chance is there a patch that includes it?