From: Matan Ziv-Av (matan@svgalib.org)
Date: Mon 26 Feb 2001 - 13:36:13 IST
On Sat, 24 Feb 2001, Jay Link wrote: > > I'm not clear on why the executable must be owned and setuid to root. > > Isn't this a bad thing?Why is a user logged in through a console not > > able to execute SVGAlib programs on that console? > > SVGAlib is faster than X because it writes directly to the video card. > However, in Linux, programs that access hardware directly must be either > run by root, or else setuid root. > > It's not a bad thing because vga_init() relinquishes root priviledges. > > Further, I believe that Matan is making the 2.xversion of SVGAlib in such > a way that you no longer have to be root, because it writes to a new > device called /dev/svga. This requires a few clarifications: X also writes directly to the hardware, and so, X needs root privileges as well. The difference between programs using X and programs using svgalib is that the X server is a different process, and programs draw to it using an IPC mechanism. Svgalib functions run in the same process that the actual program runs, and so the whole program needs the root privileges (for the access setup stage). About the /dev/svga device - this is a kind of a camouflage for the proglem, and it does not increase safety by much. As currently implemented it is even less safe. Instead of a few (tested) programs being suid root and having access to the video hardware, now any user who can run svgalib programs needs access rights to /dev/svga, which means she has full access to the video card. On most video cards this means an ability to crash the system, and on some cards an ability to gain root provileges (though this is theoretically only. I never saw an actual exploit). The usefulness of the kernel module, comes in arbitrating access between multiple programs and multiple cards, and eventually it will be as secure as the current method, but no more. -- Matan Ziv-Av. matan@svgalib.org ------------------------------------------------------------------ Unsubscribe: To: listbot@svgalib.org Body: unsubscribe linux-svgalib
This archive was generated by hypermail 2.1.4 : Wed 21 Jan 2004 - 22:10:23 IST