Re: Add a "enable" sysfs attribute to the pci devices to allow userspace (Xorg) to enable devices without doing foul direct access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>
> That's a great indication of why securelevels aren't.
> It pretty much fits the Linux model of "once you're root, you can do
> anything".  The POSIX Capabilities really don't help either.
> I suppose SELinux might be able to help, but I don't care to get into
> that discussion here ;-)

And there is the root exploit found by Coverity this week too:
http://news.yahoo.com/s/zd/20060502/tc_zd/177195

X is multiple megabytes of code needlessly running as root. If we
could convince X to use device drivers to talk to the hardware it
wouldn't need to run as root.  This is part of why I am against this
patch, it is another crutch to let X keep on running as root instead
of fixing the underlying problem.


That root hole is weeks old by now, just got to yahoo today, what you
say is true, however we can't just turn all the things in Linux off
that make X run as root, and then say go fix X we don't care. There
are steps to be taken, unfortunately they are neither pretty or can be
done really quickly....

Dave/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux