[Xorg] The big multiconsole nasty

Michel Dänzer michel at daenzer.net
Wed Jul 7 09:24:14 PDT 2004


On Wed, 2004-07-07 at 08:31 -0700, Jon Smirl wrote:
> --- Michel Dnzer <michel at daenzer.net> wrote:
> > I've said it many times, I'll say it again: I consider this a myth.
> > The register values don't become magically secure just because the
> > kernel writes them to the hardware instead of a user process. A 
> > good part of the mode setting code will always have to be 
> > privileged one way or the other.
> 
> Security means that the API is protected from from compromising the
> overall security of the system. System security does not require
> preventing you from writing the wrong values into register as long as
> we are sure that those values can't be used to compromise system
> security. Call mode validation something else, it is not security. 

I never said 'system security', did I, but call it safety if you will.

> You can't stop the user from hitting the monitor with a sledge hammer either.

True, but that's not quite the same thing as a random unprivileged
program (a worm, say) destroying the monitor (or the graphics card, or
other hardware)... I'm not sure the user would like that.


-- 
Earthling Michel Dänzer      |     Debian (powerpc), X and DRI developer
Libre software enthusiast    |   http://svcs.affero.net/rm.php?r=daenzer





More information about the xorg mailing list