On 4 August 2016 at 18:06, David Herrmann <dh.herrmann@xxxxxxxxx> wrote:
> The legacy DRI1 drivers expose highly broken interfaces to user-space. No
> modern system should enable them, or you will effectively allow user-space
> to circumvent most of your kernel security measures. The DRI1 kernel APIs
> are simply broken.
>
> User-space can always use vesafb/efifb/simplefb and friends to get working
> graphics.
>
> Let's hide the old drivers behind CONFIG_BROKEN. In case they turn out to
> be still used (really?), we can easily revert this and figure out a way to
> move them out of sight (e.g., moving all DRI1 drivers to
> drivers/gpu/dri1/).
>
> Signed-off-by: David Herrmann <dh.herrmann@xxxxxxxxx>

So my opinion is that no modern system enables them in practice.

You can only load dri1 drivers on dri1 hardware, so you aren't exactly
leaving yourself open to root holes here.

If you mean the fact that we keep leaving the ioctls answering when dri2
drivers are loaded due to errors, then I hope we've figured all those out
by now.

Dave.