On Wed, Sep 10, 2008 at 5:10 PM, Keith Packard <[EMAIL PROTECTED]> wrote:
> On Wed, 2008-09-10 at 14:09 -0400, Kristian Høgsberg wrote:
>
>> Everybody can talk to the DRM and create
>> a token, but only if you can pass it to the server over DRI2 protocol,
>> can you authenticate.
>
> Oh, so the cookie in the protocol is a client identifier of some kind.
>
> In any case, 32 bits of unique id isn't exactly high security; my
> thought was that we should allow the system to use a longer key to avoid
> spoofing.

No that's why the existing scheme is better, it doesn't rely on random/cryptographical tokens. It just needs to be a unique handle that lets the server identify the right client to authenticate. If you can pass this token to the X server you're authenticated. What better way to establish that than, erh, passing it through protocol? The key point is that the server does the ioctl that authenticates the client.

Kristian

_______________________________________________
xorg mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/xorg
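
Added example, not part of the original message and not X server or DRM code: a self-contained C model of the handshake described in the thread, in which any handle may obtain a token but only the master handle (the server) can turn it into authentication. All `model_*` names, the table layout and the counter-based token are assumptions made for illustration.

```c
/* Toy model of the token handshake; every name here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FILES 8
struct drm_file {            /* one open handle on the device */
    bool     is_master;      /* true only for the server's handle */
    bool     authenticated;
    uint32_t magic;          /* 0 = no token issued yet */
};
static struct drm_file files[MAX_FILES];
static int nfiles;
static uint32_t next_magic = 1;

/* Any local process may open the device. Model assumption: master starts trusted. */
int model_open(bool is_master) {
    if (nfiles == MAX_FILES) return -1;
    files[nfiles] = (struct drm_file){ .is_master = is_master, .authenticated = is_master };
    return nfiles++;
}

/* Unprivileged: the token is a plain counter, a handle rather than a secret. */
uint32_t model_get_magic(int fd) {
    if (!files[fd].magic) files[fd].magic = next_magic++;
    return files[fd].magic;
}

/* Honoured only when the caller is the master (the server).
 * Marks the handle that owns the token, never the caller. */
int model_auth_magic(int caller_fd, uint32_t magic) {
    if (!files[caller_fd].is_master || magic == 0) return -1;
    for (int i = 0; i < nfiles; i++)
        if (files[i].magic == magic) { files[i].authenticated = true; return 0; }
    return -1;
}

bool model_is_authenticated(int fd) { return files[fd].authenticated; }

int main(void) {
    int server = model_open(true), client = model_open(false), other = model_open(false);
    uint32_t m = model_get_magic(client);   /* client would send m to the server over protocol */
    printf("non-master handle calls auth: %d\n", model_auth_magic(other, m));
    printf("server calls auth on token it received: %d\n", model_auth_magic(server, m));
    printf("client=%d other=%d\n", model_is_authenticated(client), model_is_authenticated(other));
    return 0;
}
```
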
