Announcement

Collapse
No announcement yet.

Working Out "Serious Security Flaws" In DRM Drivers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Working Out "Serious Security Flaws" In DRM Drivers

    Phoronix: Working Out "Serious Security Flaws" In DRM Drivers

    While many are still busy working through fallout of the OpenSSL Heartbleed bug within organizations, on a separate but security related note, kernel developers specializing in the Direct Rendering Manager (DRM) graphics drivers are working to beef up their own driver security...

    http://www.phoronix.com/vr.php?view=MTY2MTE

  • #2
    Wayland doesn't use DRM right?
    I mean, ofc it's going to have it's own set of security flaws among other bugs, but this giant mess that is "X.org security" won't affect those of us switching over when it's ready, right?

    Comment


    • #3
      Wayland is using DRM.

      Comment


      • #4
        Wailand uses DRM as well, DRI is the one specific to X. And I remember this security issues being also mentioned at the latest X.org conf, and they were supposed to be fixed, among other, by the switch to DRI3.

        Comment


        • #5
          Originally posted by Daktyl198 View Post
          Wayland doesn't use DRM right?
          I mean, ofc it's going to have it's own set of security flaws among other bugs, but this giant mess that is "X.org security" won't affect those of us switching over when it's ready, right?
          The whole DRM Master thing will affect Wayland, AFAIK. That being said, the split with Render Nodes may help that a little since its delegation of responsibilities. Wayland, however, is not affected by the mess of security issues that may be lurking in the 20+ yr old codebase that is Xorg. DRI3 + Present may have fixed a couple of these issues since now buffers are passed through DMA-BUF via file descriptors of a socket-- which is supposed to be more secure than however DRI2 handled it.

          Comment


          • #6
            I remember in the good old days, flaws in the DRM drivers like not clearing graphics memory and having images appear on the screen at untimely moments. For example while mode switching, or shutting down/restarting that goatse pr0n image might appear

            Comment


            • #7
              Originally posted by Grogan View Post
              I remember in the good old days, flaws in the DRM drivers like not clearing graphics memory and having images appear on the screen at untimely moments. For example while mode switching, or shutting down/restarting that goatse pr0n image might appear
              good 'ol times ?

              in what brave new world are you living in ?



              It's still like that

              Comment


              • #8
                Luckily, not so much problem on single-user machines.

                But hopefully Wayland is more secure.

                Comment


                • #9
                  Originally posted by Ansla View Post
                  Wailand uses DRM as well, DRI is the one specific to X. And I remember this security issues being also mentioned at the latest X.org conf, and they were supposed to be fixed, among other, by the switch to DRI3.
                  a couple points to make before people get too alarmed (or at least to put this in context):

                  1) this is strictly about information leaks. Not root escalation, or anything like that... I think drm and the open src drivers are at quite likely better than the closed src drivers in that regard.

                  2) render-nodes and dri3 do address the guessability of other drm-master's buffers (which only effects shared buffers, ie. ones with flink names)

                  3) the remaining point that Thomas is trying to make is that, some hardware there may not be isolation between different processes gpu buffers, ie. $evil_userspace could conceivable craft gpu commands to read out all your VRAM/etc. Of the top of my head, I believe intel/radeon/nouveau all support per-process pagetables to stop that, but not sure if it is on all hw generations/etc.

                  If you are really paranoid, you probably want to consider not using a gpu at all (on windows or linux, opensrc drivers or (especially) closed src drivers).

                  None of this is really news.

                  Comment


                  • #10
                    Originally posted by LightBit View Post
                    Wayland is using DRM.
                    Wayland doesn't know squat about graphics; I think you're talking about Weston.

                    Comment


                    • #11
                      Originally posted by robclark View Post
                      If you are really paranoid, you probably want to consider not using a gpu at all (on windows or linux, opensrc drivers or (especially) closed src drivers).

                      None of this is really news.
                      The man speaks the truth.

                      While uninteresting to most of us, it boils down to the following.

                      Physical access to a computer/device = Game over / Compromised
                      Remote access to a computer/device (even guest privs) = Game over / Compromised
                      Encrypted communication with a computer/device that requires 3rd party 'trust' = Game over / Compromised
                      Unencrypted communication with a computer/device = Game over / Compromised

                      It's a pretty sad state, and there's really not a heck of a lot we can do about it in the short term other than to stop pretending that we have secure devices and communication. People do think about fixing this stuff, but their numbers are nothing compared to those that think about breaking it. I'm pretty sure it's going to get worse before it gets better.

                      Comment


                      • #12
                        Originally posted by kernelOfTruth View Post
                        good 'ol times ?

                        in what brave new world are you living in ?



                        It's still like that
                        I haven't seen that in a long time, but it's LCD displays now and they take some time to mode switch, so there could just be a black screen in that instant most likely.

                        P.S. This is about images left on the screen at inopportune times. I said that this used to happen.

                        Comment

                        Working...
                        X