«Due to the use of direct rendering technology, system designers shouldSeems like Intel did not really understand the point of DRI, whose purpose is precisely to provide that kind of security (when compared to the older, user-space only approach).
take special care to ensure that only trusted clients are allowed to use
the OpenGL library. A malicious application could otherwise use direct
rendering to destabilized the graphics hardware or, in theory, elevate
their permissions on the system.»
I could also point out that this portion of the release notes is misleading, as malicious clients do not need the OpenGL library to exploit this security hole and achieve privilege elevation. In fact this would be achieved using a program acting like this library instead.
Linux graphics acceleration is still a long way off...
Aucun commentaire:
Enregistrer un commentaire