Subject: Re: i386 + aperture + 1.6Q
To: Greywolf <firstname.lastname@example.org>
From: Perry E. Metzger <email@example.com>
Date: 03/28/2003 14:14:38
Greywolf <firstname.lastname@example.org> writes:
> Thus spake Perry E. Metzger ("PEM> ") sometime Today...
> PEM> However, once you're running X, you are allowing a known insecure
> PEM> userland process to arbitrarily change kernel memory...
> I know, I know -- it doesn't work as planned, but is there no way for
> the kernel aperture driver to enforce that you can only modify memory
> that is germane to the display?
No. All video cards newer than, say, eight years ago have features
that prevent any such attempt from possibly working.
Consider, for example, that all such cards have DMA controllers on
board -- DMA controllers which can be programmed to move bits into and
out of arbitrary portions of memory.
Perry E. Metzger email@example.com