Fedora: RFC: X.Org X11 modularization project - rpm package driver naming
Posted Aug 31, 2005 0:54 UTC (Wed) by proski (subscriber, #104)
In reply to: Fedora: RFC: X.Org X11 modularization project - rpm package driver naming by brouhaha
Parent article: Fedora: RFC: X.Org X11 modularization project - rpm package driver naming
As far as I know, all new security extensions can only restrict access but not add new permissions. You cannot start with a non-suid binary and give it an "endorsement" to access the PCI bus. You still have to start with a suid binary and restrict its permissions, which is what you can do now without any code changes.
I hope you would agree that permitting raw PCI access for non-privileged applications would mean a much bigger security problem than running X server suid root.
Posted Sep 1, 2005 10:37 UTC (Thu) by farnz (subscriber, #17727)
It's not a security extension; it's a set of devices which expose raw PCI access to userspace. You can then chmod/chown/chgrp each PCI device suitably (so that the "graphics" group can play with the video card), then run X SGID as graphics.