Xegl lives!

[Adam Jackson]

On Sunday 29 May 2005 14:32, Jon Smirl wrote:
> On 5/29/05, Adam Jackson <ajax at nwnk.net> wrote:
> > Setting the mode to something the monitor does not support, does not
> > represent a privilege escalation.  It does not represent a way for the
> > user to get access to data they do not normally have.  All it represents
> > is the ability to turn broken hardware into non-functional hardware.
>
> Alan Cox specifically requested that setting arbitrary modes be
> restricted to root.

You do realize this is an appeal to authority, right?  And that other 
platforms are free to realize that this particular choice is bogus?

> > So as far as I can see, your assertion that userspace mode setting
> > requires root depends solely on the assumption that it is the job of the
> > privilege model to protect the hardware.  And it's not.  The job of the
> > privilege model is to protect the software.
>
> I'm also a believer in the OS being there to stop an unprivileged user
> from destroying things. That includes burning out monitors and asking
> a disk to low level format itself. For example, should the OS prevent
> an unprivileged user from turning on disk level encryption? What if
> the user is a virus and doesn't tell you the password?

That's a case of the software wanting to protect the software.  If you forget 
the password, the OS won't boot; if you set a bad video mode, you can still 
ssh in and fix it.

At the risk of running this conversation in circles, my point was simply that 
running the server as non-root does not necessarily imply kernel-level mode 
setting.  I've heard your motivations (users are dumb and Alan says so) and I 
don't agree that they're sufficient.  If it were my OS, we wouldn't do mode 
setting in the kernel.

- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20050529/8b2a617d/attachment.pgp>