Re: i/o permissions again

From: Matan Ziv-Av (matan@svgalib.org)
Date: Mon 26 Feb 2001 - 13:36:13 IST

• Next message: Joakim Bomelin: "simple(?) question"
• Previous message: Mladen Gavrilovic: "Re: problem about open new virtual console with svgalib"
• Maybe in reply to: Mladen Gavrilovic: "i/o permissions again"
• Next in thread: Bart Oldeman: "Re: i/o permissions again"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Sat, 24 Feb 2001, Jay Link wrote:

> > I'm not clear on why the executable must be owned and setuid to root.
> > Isn't this a bad thing?Why is a user logged in through a console not
> > able to execute SVGAlib programs on that console?
> 
> SVGAlib is faster than X because it writes directly to the video card.
> However, in Linux, programs that access hardware directly must be either
> run by root, or else setuid root.
> 
> It's not a bad thing because vga_init() relinquishes root priviledges.
> 
> Further, I believe that Matan is making the 2.xversion of SVGAlib in such
> a way that you no longer have to be root, because it writes to a new
> device called /dev/svga.

This requires a few clarifications:
X also writes directly to the hardware, and so, X needs root privileges
as well. The difference between programs using X and programs using
svgalib is that the X server is a different process, and programs draw
to it using an IPC mechanism. Svgalib functions run in the same process
that the actual program runs, and so the whole program needs the root
privileges (for the access setup stage).

About the /dev/svga device - this is a kind of a camouflage for the
proglem, and it does not increase safety by much. As currently
implemented it is even less safe. Instead of a few (tested) programs
being suid root and having access to the video hardware, now any user
who can run svgalib programs needs access rights to /dev/svga, which
means she has full access to the video card. On most video cards this
means an ability to crash the system, and on some cards an ability to
gain root provileges (though this is theoretically only. I never saw an
actual exploit).

The usefulness of the kernel module, comes in arbitrating access between
multiple programs and multiple cards, and eventually it will be as
secure as the current method, but no more.



-- 
Matan Ziv-Av.                         matan@svgalib.org


------------------------------------------------------------------
Unsubscribe:  To:   listbot@svgalib.org
              Body: unsubscribe linux-svgalib

• Next message: Joakim Bomelin: "simple(?) question"
• Previous message: Mladen Gavrilovic: "Re: problem about open new virtual console with svgalib"
• Maybe in reply to: Mladen Gavrilovic: "i/o permissions again"
• Next in thread: Bart Oldeman: "Re: i/o permissions again"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed 21 Jan 2004 - 22:10:23 IST