Security question?
Thomas Hellström
unichrome at shipmail.org
Wed Nov 3 13:33:13 PST 2004
Hi!
I'm working on a way for the client XvMC lib to determine whether an X
server connection is local or not.
The best way I've come up with so far is for the client to allocate a
shared memory page, and fill it with a pattern which is seeded by a
pseudo-random 32-bit number. It then transmits this number and the
shared memory page ID to the server which tries to map the shared memory
page, verifies the pattern and returns either fault or OK.
The problem with this approach is that you can trick an X server into mapping
any shared memory page on a remote computer and verify the content of
that page as long as the content matches a certain pattern. The
probability, however, that a page matches this pattern and still has
valuable information is IMHO _extremely_ small.
Is this an acceptable approach security-wise?
Are there simpler ways?
It's not possible to use DRM authentication for this, since some XvMC
clients are not drm-aware.
/Thomas
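
The handshake described in the message above, sketched as an added example; it is not part of the original post and is not XvMC or X server code. Assumptions: SysV shared memory, one 4096-byte page, an xorshift32 generator for the pattern, hypothetical function names, and server_check() called directly in place of the X request and reply.

```c
/* Added example, not XvMC/X server code; xorshift32, names and page size are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define PAGE_BYTES 4096u
#define PAGE_WORDS (PAGE_BYTES / sizeof(uint32_t))

static uint32_t next_word(uint32_t *s) {        /* one xorshift32 step */
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Client side: fill the page with the sequence derived from seed. */
void fill_pattern(uint32_t *page, uint32_t seed) {
    uint32_t s = seed ? seed : 1u;              /* xorshift state must be non-zero */
    for (size_t i = 0; i < PAGE_WORDS; i++) page[i] = next_word(&s);
}

/* Returns 1 if every word matches the sequence for seed, else 0. */
int verify_pattern(const uint32_t *page, uint32_t seed) {
    uint32_t s = seed ? seed : 1u, bad = 0;
    for (size_t i = 0; i < PAGE_WORDS; i++) bad |= page[i] ^ next_word(&s);
    return bad == 0;
}

/* Server side: 1 = OK, 0 = fault. Only that single bit goes back to the client. */
int server_check(int shmid, uint32_t seed) {
    struct shmid_ds ds;
    /* Refuse segments shorter than the page we are about to read. */
    if (shmctl(shmid, IPC_STAT, &ds) != 0 || ds.shm_segsz < PAGE_BYTES) return 0;
    void *p = shmat(shmid, NULL, SHM_RDONLY);   /* never map client-named memory writable */
    if (p == (void *)-1) return 0;
    int ok = verify_pattern(p, seed);
    shmdt(p);
    return ok;
}

/* Client side probe: 1 = local, 0 = not local, -1 = SysV shm unavailable. */
int client_probe(uint32_t seed) {
    int id = shmget(IPC_PRIVATE, PAGE_BYTES, IPC_CREAT | 0600);
    if (id < 0) return -1;
    uint32_t *page = shmat(id, NULL, 0);
    if (page == (void *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    fill_pattern(page, seed);
    int ok = server_check(id, seed);            /* stands in for the X request/reply */
    shmdt(page); shmctl(id, IPC_RMID, NULL);
    return ok;
}
```

The server side attaches read-only, checks the segment size before reading, and reports nothing beyond OK or fault, which keeps what a client can learn about an arbitrary segment ID to the single match bit the message discusses.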