Re: What's wrong with IDE patch and what proper solution should be (Re: disk-destroyer.c)

From: James Sutherland (jas88@cam.ac.uk)
Date: Mon Jul 24 2000 - 07:10:22 EST


On Mon, 24 Jul 2000, Khimenko Victor wrote:

> The whole problem is that there is NO reliable way to know which parts are
> needed by XFree86 (except to ask the XFree86 driver, but then what's the point:
> a cracker will just give you a hacked XFree86 driver).

What cracker? I'm trying to give XFree86 access to the video card without
giving it access to the SCSI controller, network card, etc.

XFree86 must be able to identify the video card resources accurately. What
I could do is run it on boot to locate the resources and tell the kernel
what constitutes "the video card". After that, I can drop CAP_SYS_RAWIO
and co, without preventing direct video access via CAP_SYS_DIRECTVIDEO or
whatever.

Simple approach: create /proc/sys/video-resources. On boot, you can write
a list of memory areas etc. which the video card is using. (This will
require CAP_SYS_RAWIO and CAP_SYS_ADMIN). Then, processes with only
CAP_SYS_DIRECTVIDEO can access these resources - no CAP_SYS_RAWIO needed.

Obviously, a cracker could replace the binary used to configure this at
boot, then reboot. For that matter, he could also delete the command to
drop CAP_SYS_RAWIO. Or do anything else nasty along those lines...

This is not aimed at further cracker-proofing, just more fine-grained
permissions. A system where processes run with lower privilege will be
slightly more secure.

James.
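
The access rule proposed in the message above, as a user-space C model added here (not code from the original post or from the Linux kernel). `CAP_DIRECTVIDEO`, `video_res_register` and `raw_access_ok` are hypothetical names, and the sample aperture address is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model, not kernel code. CAP_DIRECTVIDEO stands in for the
 * CAP_SYS_DIRECTVIDEO the post proposes; no such capability exists. */
#define CAP_RAWIO       1u
#define CAP_ADMIN       2u
#define CAP_DIRECTVIDEO 4u
#define MAX_RANGES      8

static struct range { uint64_t start, len; } video_res[MAX_RANGES];
static size_t n_video_res;

/* Models the boot-time write to /proc/sys/video-resources (RAWIO + ADMIN). */
int video_res_register(unsigned caps, uint64_t start, uint64_t len)
{
    if ((caps & (CAP_RAWIO | CAP_ADMIN)) != (CAP_RAWIO | CAP_ADMIN))
        return -1;                   /* not permitted */
    if (len == 0 || start + len < start || n_video_res == MAX_RANGES)
        return -2;                   /* empty, wrapping, or table full */
    video_res[n_video_res++] = (struct range){ start, len };
    return 0;
}

/* Decide whether a raw access to [start, start + len) is allowed. */
bool raw_access_ok(unsigned caps, uint64_t start, uint64_t len)
{
    if (len == 0 || start + len < start)
        return false;                /* empty or wrapping request */
    if (caps & CAP_RAWIO)
        return true;                 /* full raw I/O, unchanged */
    if (!(caps & CAP_DIRECTVIDEO))
        return false;
    /* Must lie wholly inside one registered range; spilling past it fails. */
    for (size_t i = 0; i < n_video_res; i++)
        if (start >= video_res[i].start && len <= video_res[i].len &&
            start - video_res[i].start <= video_res[i].len - len)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample: a 16 MiB aperture at 0xE0000000. */
    video_res_register(CAP_RAWIO | CAP_ADMIN, 0xE0000000ULL, 0x1000000ULL);
    printf("%d %d\n", raw_access_ok(CAP_DIRECTVIDEO, 0xE0000000ULL, 0x1000),
           raw_access_ok(CAP_DIRECTVIDEO, 0xE0FFF000ULL, 0x2000));
    return 0;
}
```

The containment test is written with subtractions so that a request near the top of the address space cannot wrap around and appear to fit inside the registered window.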
