Re: recommended video card?

To: "Pouya D. Tafti" <p%san-serriffe.org@localhost>
Subject: Re: recommended video card?
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Mon, 7 Jun 2010 14:12:06 -0400

On Mon, Jun 07, 2010 at 07:33:17PM +0200, Pouya D. Tafti wrote:
> 
> work at all for me).  There were some discussions at some point about
> there being some interest among OpenBSD developers in adding support
> for kernel mode switching, in order to make it possible to run X11 at
> higher security levels.

One should note, of course, that "possible" does not mean "safe".  If
you can touch any of the registers of any device which can do DMA --
this means almost *any* modern video adapter -- at securelevel > 0,
you've basically punched a hole in the security model that you could
drive a truck through.  It's kind of like the old "aperture" driver:
"Hi, can I buy a false sense of security, please?  A real one would
be too expensive."

The only safe way is for the kernel to mediate all access to any device
with a DMA engine.  But that is not the way modern X servers want to
do it (it is how many of the early ones worked).

Thor

Follow-Ups:
- Re: recommended video card?
  - From: Joerg Sonnenberger

References:
- recommended video card?
  - From: Greg Troxel
- Re: recommended video card?
  - From: Pouya D. Tafti

Prev by Date: Re: recommended video card?
Next by Date: Re: recommended video card?
Previous by Thread: Re: recommended video card?
Next by Thread: Re: recommended video card?
Indexes:

Home | Main Index | Thread Index | Old Index