Zdenek Salvet <salvet@nyx.dcs.muni.cz> wrote (in his message from Wed 26)
 > I wonder why "length" argument is not checked/used.
 > Could be aperture driver secure if it would do such checks ?
 > (root only allowed to write directly into framebuffer)

The problem is that every different vga card maps its framebuffer at
different physical addresses. Since it's usually not documented
anywhere, XFree86 has made the choice to probe for the physical memory
adresses. 

For this probe to be possible, the aperure driver has to allow access
to every possible physical address. It explain why "length" ain't
checked. The only restriction is that it tries to deny access to the
physical CPU memory.

However, it seems that it's equivalent to use the new 'INSECURE'
kernel option: using the aperture driver one can modify every byte of
virutal memory.

A better approach (but hard to explain to novice users) would be to
run XFree86 once with an insecure kernel first, let it probe the physical
memory address range of the particular board it's using, then compile
an aperture driver restricted to this range and reboot a secure
kernel.

If someone wants to modify the code to do that, I'll be happy to
consider if for inclusion it in the next XFree86 release.


					Matthieu