1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking Benchmarking Platform
Phoromatic Test Orchestration

Working Out "Serious Security Flaws" In DRM Drivers

X.Org

Published on 11 April 2014 09:13 AM EDT
Written by Michael Larabel in X.Org
11 Comments

While many are still busy working through fallout of the OpenSSL Heartbleed bug within organizations, on a separate but security related note, kernel developers specializing in the Direct Rendering Manager (DRM) graphics drivers are working to beef up their own driver security.

Thomas Hellstrom of VMware wrote on the Linux kernel mailing list, "as was discussed a while ago, there are some serious security flaws with the current drm master model, that allows a user that had previous access or current access to an X server terminal to access the GPU memory of the active X server, without being authenticated to the X server and thereby also access other user's secret information."

Security-related bugs within the open-source Linux graphics drivers and X.Org stack are sadly not a rare occurrence. The X.Org security has been characterized by experts as being a disaster that is worse than it looks. Improvements have been made and security vulnerabilities addressed, including some bugs that date back two decades.

Hellstrom is looking to improve the security around DRM drivers in situations like a user using an X.Org Server and locking the screen while an untrusted user could VT switch, open a DRM connection, and guess GEM handle names of the switched-away X Server to dump the video memory objects. There's no DRM driver currently that is immune against three different security flaws noted by Thomas.

In Hellstrom's email he lays out several possibilities for kernel DRM developers to address these security flaws. We'll see in future kernel releases what's done to improve the situation.

About The Author
Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via and or contacted via .
Latest Articles & Reviews
  1. Sub-$20 802.11n USB WiFi Adapter That's Linux Friendly
  2. The Lenovo T450s Is Working Beautifully With Linux
  3. Linux 4.0 SSD EXT4 / Btrfs / XFS / F2FS Benchmarks
  4. Linux 4.0 Hard Drive Comparison With Six File-Systems
  5. Lenovo ThinkPad T450s Broadwell Preview
  6. How Open-Source Allowed Valve To Implement VULKAN Much Faster On The Source 2 Engine
Latest Linux News
  1. Features Thus Far For The Linux 4.1 Kernel
  2. Intel's Turbostat Adds Skylake Support In Linux 4.1
  3. Microsoft's Open-Source Group Merges Back Into The Company
  4. EXT4 In Linux 4.1 Adds File-System Level Encryption
  5. Open-Source Ardour 4.0 Audio Software Has Big Improvements
  6. Linux-Powered Endless Computer Raises $100k+ In A Few Days
  7. GCC 5.1 RC2 Arrives, GCC 5.1 Planned For Next Week
  8. F2FS For Linux 4.1 Has New Features & Fixes
  9. Phoronix Server Upgrade This Weekend: Dual Haswell Xeons, 96GB DDR4
  10. Google's Experimental QUIC Transport Protocol Is Showing Promise
Most Viewed News This Week
  1. Nouveau: NVIDIA's New Hardware Is "VERY Open-Source Unfriendly"
  2. Linux 4.0 Kernel Released
  3. Linux 4.1 Brings Many Potentially Risky x86/ASM Changes
  4. Microsoft Announces An LLVM-Based Compiler For .NET
  5. VirtualBox 5.0 Beta 2 Released
  6. KDBUS Is Taking A Lot Of Heat, Might Be Delayed From Mainline Linux Kernel
  7. Mozilla Start Drafting Plans To Deprecate Insecure HTTP
  8. LibreOffice 4.5 Bumped To Become LibreOffice 5.0