On Tue, Aug 13, 2002 at 01:23:11PM -0400, Greg A. Woods wrote:

> As I understand it XFree86 is broken by
> design.  It cannot understand a proper framebuffer device driver and
> thinks it wants direct access to the hardware itself.

Well, I understand your point, and you are right in some way: as implemented
now for i386/PCI cards this is a *huge* security problem.

But on the other hand, there is no real alternative for the mass of PCI cards,
which are DMA capable and thus any access to the acceleration features cause
such a risk - unless you impose strong controll via a yet nonexistent (and
unlikely to be developed anytime soon) new framebuffer kernel interface.

For sbus cards you are partly right: some of them are pretty dumb (so a simple
Xsun framebuffer kernel interface works OK) *or* we do not support acceleration
on them (so again Xsun works).

IMHO it boils down to: stay with the dumb/slow Xsun interface (which can not
support two out of three sparcs I currently own) or move on, with slightly
increased risk. Why would you trust the kernel framebuffer driver more than
the XFree driver? Because it can't be replaced at runtime? I don't run
Xservers on firewalls, the risk (for me) is under controll.

If we realy need to, we could probably #ifdef the #if mess in the xsrc 
configuration even more and optionally build Xsun out of the same source
for those that prefer it.

Not easy, but not impossible either.

Martin