On Fri, Dec 23, 2011 at 8:35 PM, Kevin Chadwick <ma1l1ists@xxxxxxxxxxx> wrote: > On Fri, 23 Dec 2011 15:54:35 +0100 > Tom Gundersen wrote: > >> > [...] I have to disable 3d support on some machines, >> > due to the gaping security hole that graphics cards require [...] >> >> OT: >> >> Would you care to elaborate on this? What security hole do you have in mind? >> >> Cheers, >> >> Tom > > > http://marc.info/?l=openbsd-misc&m=114233317926101 > > And equivelent on Linux > > http://forums.grsecurity.net/viewtopic.php?f=3&t=47 > > You can use framebuffer mode or the nouveau driver instead of the > nvidia binary and still run X with RAWIO access disabled but with > limited acceleration. Right, now I got it. You mean that there is a security hole on the machines where you don't use the open source (i.e. KMS) drivers. This is correct. Thanks for the clarification. -t
