On Tue, Sep 4, 2018 at 9:05 PM, Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote:
>
>
> On Tue, 4 Sep 2018, Daniel Vetter wrote:
>
>> With kms you need logind or someone like that who orchestrates the vt
>> switching and makes sure you can read/write other people's stuff.
>
> BTW. I'm just wondering how is this 'master mode' security working at all.
>
> The user starts Xserver under the user's UID and the Xserver asks logind to
> set master mode on the DRM file descriptor.
>
> There are plenty of ways how the user can steal a file descriptor from the
> Xserver that is running under the same UID - for example:
> - setting LD_PRELOAD to inject a library into the Xserver
> - calling ptrace on the Xserver process
> - opening /proc/`pidof Xorg`/fd
>
> When one of the user's processes has a handle in 'master mode', any other
> user's process can steal it. So what do these 'master mode' restrictions
> really protect against?

Other users. And there _are_ people sufficiently paranoid who disable
ptrace and all that stuff you brought up, e.g. through selinux policies.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
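An added example, not part of the original thread: a Python audit that lists which processes hold a primary DRM node open, how many other processes share that holder's UID (the same-UID exposure raised above), and whether Yama restricts ptrace. The function names and the `proc_root` parameter are assumptions of this example; Yama's `ptrace_scope` stands in for one common ptrace restriction and covers only the ptrace route, not LD_PRELOAD or /proc/<pid>/fd.

```python
import os

DRM_PREFIX = "/dev/dri/card"  # primary DRM nodes (render nodes cannot hold master)

def proc_uids(proc_root="/proc"):
    """Map pid -> owner UID of /proc/<pid> for every visible process."""
    uids = {}
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            try:
                uids[int(entry)] = os.stat(os.path.join(proc_root, entry)).st_uid
            except OSError:  # process exited while we were scanning
                pass
    return uids

def drm_fd_holders(proc_root="/proc"):
    """Map pid -> sorted DRM card nodes that the process has open."""
    holders = {}
    for pid in proc_uids(proc_root):
        fd_dir = os.path.join(proc_root, str(pid), "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # not ours to inspect, or already gone
            continue
        devs = sorted({link for link in links if link.startswith(DRM_PREFIX)})
        if devs:
            holders[pid] = devs
    return holders

def ptrace_scope(proc_root="/proc"):
    """Yama ptrace_scope as an int, or None when Yama is not present."""
    try:
        with open(os.path.join(proc_root, "sys/kernel/yama/ptrace_scope")) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def exposure(proc_root="/proc"):
    """Per holder: (pid, uid, devices, count of other processes with that UID)."""
    holders = drm_fd_holders(proc_root)
    uids = proc_uids(proc_root)
    return [(pid, uids[pid], devs,
             sum(1 for p, u in uids.items() if u == uids[pid] and p != pid))
            for pid, devs in sorted(holders.items()) if pid in uids]

if __name__ == "__main__":
    print("yama ptrace_scope:", ptrace_scope())
    for pid, uid, devs, peers in exposure():
        print(f"pid {pid} uid {uid} holds {devs}; {peers} other same-UID processes")
```

Run it as root to see every user's processes; as an unprivileged user it reports only the file descriptor tables that user is permitted to read.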