[Intel-gfx] [PATCH 1/2] drm/core: Preserve the framebuffer after removing it.

Tvrtko Ursulin tvrtko.ursulin at linux.intel.com
Wed Sep 9 09:15:05 PDT 2015


On 09/09/2015 05:07 PM, Daniel Vetter wrote:
> On Wed, Sep 9, 2015 at 6:03 PM, Tvrtko Ursulin
> <tvrtko.ursulin at linux.intel.com> wrote:
>> It was just an example of a class of vulnerabilities which would be possible
>> with these changes. If they, as you said, will preserve the last frame on
>> screen when the compositor crashes.
>
> If your compositor crashes something should take over, either fbdev
> (which force-restores) or a new compositor (system one or just the one
> that crashed, restarted). And on modern userspace logind has copies of
> the fds which it uses to make sure privileges (i.e. master rights)
> don't escape to the wrong person.

The famous "should". fbdev is going out, no? And an attack just needs to 
prevent the compositor from starting again. Or a bug somewhere needs to do 
that. Fact remains, before this = black screen, after this = last frame 
with bank details or similar.

Change makes the scenario more likely, so what is the justification? 
Only that modeset is hard on framebuffer owner exiting?

>> For me this is serious enough not to go this route.
>
> If that doesn't happen you have yet another bug in userspace. I don't
> think there's a real problem really.

If white hats had the imagination of black hats there would be no 
problems whatsoever. :)

Tvrtko

