On 04/11/2014 10:31 PM, David Herrmann wrote:
> Hi
>
> On Fri, Apr 11, 2014 at 2:42 PM, Thomas Hellstrom <thellstrom@xxxxxxxxxx> wrote:
>> as was discussed a while ago, there are some serious security flaws with
>> the current drm master model, that allows a
>> user that had previous access or current access to an X server terminal
>> to access the GPU memory of the active X server, without being
>> authenticated to the X server and thereby also access other user's
>> secret information
> 1a) and 1b) are moot if you disallow primary-node access but require
> clients to use render-nodes with dma-buf. There're no gem-names on
> render-nodes so no way to access other buffers (assuming the GPU does
> command-stream checking and/or VM).

Disallowing primary node access will break older user-space drivers and
non-root EGL clients. I'm not sure that's OK, even if the change is done
from user-space. A simple gem fix would also do the trick.

>
> 2) There is no DRM-generic data other than buffers that is global. So
> imho this is a driver-specific issue.
>
> So I cannot see why this is a DRM issue. The only leaks I see are
> legacy interfaces and driver-specific interfaces. The first can be
> disabled via chmod() for clients, and the second is something driver
> authors should fix.

Yeah, but some driver authors can't or won't fix the drivers w.r.t. this,
hence the security levels.

Thanks,
/Thomas

>
> Thanks
> David
> _______________________________________________
> dri-devel mailing list
> dri-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
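
An added example, not part of either message or of the DRM code: a shell check of which DRM device nodes have mode bits that let every local user open them, which is the setting the chmod() suggestion above would change on primary nodes. It assumes GNU stat and the usual `card*` (primary) and `renderD*` (render) node names under /dev/dri; the function name is hypothetical.

```shell
# Added example; audit_dri_nodes is a hypothetical helper name.
# Assumes GNU stat and the usual node names: card* = primary node
# (legacy interfaces reachable), renderD* = render node.
# Only mode bits are inspected; POSIX ACLs and group membership are not.
audit_dri_nodes() {
    dir=${1:-/dev/dri}
    rc=0
    for node in "$dir"/card* "$dir"/renderD*; do
        [ -e "$node" ] || continue          # glob matched nothing
        name=${node##*/}
        mode=$(stat -c '%a' "$node")
        owner=$(stat -c '%U:%G' "$node")
        other=${mode#"${mode%?}"}           # last octal digit = "other" bits
        case $name in
            card*)
                if [ $((other & 6)) -ne 0 ]; then
                    echo "WARN $name $owner $mode primary node open to every local user"
                    rc=1
                else
                    echo "OK   $name $owner $mode primary node limited to owner/group"
                fi ;;
            renderD*)
                echo "INFO $name $owner $mode render node" ;;
        esac
    done
    return $rc                              # 1 if any primary node is world-accessible
}
# Usage: audit_dri_nodes            (checks /dev/dri)
#        audit_dri_nodes /some/dir  (checks another directory)
```

An "OK" line still leaves group members and any ACL-granted users able to open the primary node, so the owner and group printed on each line need reviewing as well.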