Quote of the week
Posted Oct 21, 2006 0:18 UTC (Sat) by intgr
In reply to: Quote of the week
Parent article: Quote of the week
(1) Video driver code is uninteresting for crackers since there are so many levels of indirection between the network/file formats and the graphics driver, that even if a bug was found, it will likely be impossible to exploit without direct access to the computer or the X server.
(2) Binary BLOBs take *much* more effort to audit since all the attacker has is the assembly code - which has to be reverse engineered and understood first.
Given these conditions that make auditing binary video drivers particularly unattractive, I think it's grossly unfair to compare it to an average piece of OSS code.
to post comments)