Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses
Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Thread beginning with comment 358747
RE: Xorg security flaw
by elsewhere on Wed 15th Apr 2009 23:34 UTC in reply to "Xorg security flaw"

To my knowledge, most of the open-source graphics drivers have patches available that allow them to run with a limited-user Xorg. Nvidia and ATI drivers don't support this mode of operation and it's not possible for us to patch them (they are closed-source).

So, while Xorg and the developers of open-source graphics drivers would be partly to blame for not completely implementing the non-root Xorg, there would also be some blame for Nvidia and ATI as their non-compliance is holding us back from fixing this security issue.

I won't argue that open drivers would be preferable, but to clarify, the proprietary nvidia driver for xorg (the userspace portion) doesn't require root permissions, hasn't for a while. It does everything through /dev/nvidia*. From that POV, the open 3d drivers are just catching up.

It's the rest of xorg, and the default packaging distros use, that kept xorg running as root for nvidia users. Now that KMS is here, perhaps we'll start seeing xorg running as non-root by default.

Your open drivers and their non-compliance up until now has been holding us proprietary nvidia users from fixing this security issue. ;)

Score: 3