Re: The (in)security of Xorg and DRI

To: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>
Subject: Re: The (in)security of Xorg and DRI
From: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Dec 2006 00:20:14 +0100 (CET)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <200612140040.kBE0exUX017795@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: peak@xxxxxxxxxxxxxxxxxxxxxxx

On Thu, 14 Dec 2006, Darren Reed wrote:

> In recent discussion, the topic of the Xorg server being a huge
> security vulnerability because of its DRI model has come up.
> 
> The problem being that you have user space code communicating
> with chips in the system and being able to control DMA and what
> goes which way on the system bus...

Afaik, kernel DRM (*) drivers are supposed (**) not to provide direct
control over unsafe features of the hardware (***).

(*) Direct Rendering Manager.
(**) The "strength of function" is, of course, a different question.
(***) See <http://dri.sourceforge.net/doc/security_low_level.html>

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

References:
- The (in)security of Xorg and DRI
  - From: Darren Reed

Prev by Date: Re: LuckyBot v3 Remote File Include
Next by Date: Re: XSS with Vbulletin (new idea !)
Previous by thread: Re: The (in)security of Xorg and DRI
Next by thread: GenesisTrader v1.0 - Multiple Vulnerabilities
Index(es):
- Date
- Thread