On Sat, Oct 11, 2003 at 12:57:00AM -0700, Ian Romanick wrote: > The context problems are even bigger than I thought. In order to remove > the call to XF86DRICreateContext in dri_util.c, I had to add a call to > drmCreateContext. However, it turns out that this DRM call is root-only. > > Can somebody please explain to me how it is more secure for the X-server > to do this than the DRI client? The only thing I could see is a > possible DoS attack (by using up all the DRM contexts), but that same > attack is possible via the X-server.
By enforcing the calls be made by the X server its guaranteed the client has been authenticated by it. See <http://dri.sourceforge.net/doc/drm_low_level.html>, section 2, point 2. The question is how should this principle be reformulated to meet the unified fbdev/XFree86 driver goal. > This dog must have already bitten the people doing stand-alone DRI work. > How did you get around it? In embedded-2-branch there was a server with root priveledges which replaced XFree86 for all initialization and contention purposes. AFAIK, in embedded-1-branch, programs must run as root. Jose Fonseca ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Dri-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dri-devel
