DRI2 Protocol Spec Draft
Kristian Høgsberg
krh at bitplanet.net
Wed Sep 10 14:28:21 PDT 2008

On Wed, Sep 10, 2008 at 5:10 PM, Keith Packard <keithp at keithp.com> wrote:
> On Wed, 2008-09-10 at 14:09 -0400, Kristian Høgsberg wrote:
>
>> Everybody can talk to the DRM and create
>> a token, but only if you can pass it to the server over DRI2 protocol,
>> can you authenticate.
>
> Oh, so the cookie in the protocol is a client identifier of some kind.
>
> In any case, 32 bits of unique id isn't exactly high security; my
> thought was that we should allow the system to use a longer key to avoid
> spoofing.

No, that's why the existing scheme is better, it doesn't rely on
random/cryptographical tokens. It just needs to be a unique handle
that lets the server identify the right client to authenticate. If
you can pass this token to the X server you're authenticated. What
better way to establish that than, erh, passing it through protocol?
The key point is that the server does the ioctl that authenticates the
client.

Kristian
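
The handshake discussed in this message, as a toy model in C. This is an added example, not code from the message, the DRM or the X server, and every name in it is hypothetical. The token is sequential and guessable, yet only the master may redeem it, and redeeming it authenticates the file that owns the token rather than whoever presented it.

```c
/* Toy model of the DRM magic handshake; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define MAX_FILES 8            /* fds are assumed to be in 0..MAX_FILES-1 */
enum { ERR_DENIED = -1, ERR_UNKNOWN = -2 };

struct drm_file { int is_master; int authenticated; uint32_t magic; };
static struct drm_file files[MAX_FILES];
static uint32_t next_magic = 1;     /* sequential on purpose: not a secret */

void setup(void)
{
    for (int fd = 0; fd < MAX_FILES; fd++)
        files[fd] = (struct drm_file){0};
    files[0].is_master = 1;         /* fd 0 plays the X server */
    next_magic = 1;
}

/* Any process that opened the device may ask for a token. */
uint32_t get_magic(int fd)
{
    if (files[fd].magic == 0)
        files[fd].magic = next_magic++;
    return files[fd].magic;
}

/* Only the master may redeem a token; doing so authenticates the file
 * that owns the token, never the caller. */
int auth_magic(int caller_fd, uint32_t magic)
{
    if (!files[caller_fd].is_master)
        return ERR_DENIED;
    for (int fd = 0; fd < MAX_FILES; fd++)
        if (magic != 0 && files[fd].magic == magic) {
            files[fd].authenticated = 1;
            files[fd].magic = 0;    /* single use */
            return 0;
        }
    return ERR_UNKNOWN;
}
int is_authenticated(int fd) { return files[fd].authenticated; }

int main(void)
{
    setup();
    uint32_t token = get_magic(1);  /* client on fd 1 */
    printf("fd 2 redeems: %d, server redeems: %d, fd 1 auth: %d\n",
           auth_magic(2, token), auth_magic(0, token), is_authenticated(1));
    return 0;
}
```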