[96] in linux-security and linux-alert archive
Re: SvgaLib (was Re: Secure setup for file transfert)
daemon@ATHENA.MIT.EDU (Fabrizio Giudici)
Fri Mar 10 11:13:54 1995
Date: Fri, 10 Mar 1995 13:29:22 +0100
From: Fabrizio Giudici <fritz@dibe.unige.it>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <9503091410.AA12809@is1e.vub.ac.be>
Reply-To: linux-security@tarsier.cv.nrao.edu
On Thu, 9 Mar 1995, GLAUDE DAVID wrote:
> Mr Martin J Hargreaves said:
>
> Well, is there any way to secure programs using svgalib?
> It seems that to access the vga io ports you need some privilege, which is an
> increase of security (not anybody should be able to turn your screen upside
> down). But because of the lack of security levels in Unix (root or not root),
> all programs for Vga have to be run as root (I always log in as root but don't
> do as I do) or to be setuid root, which is a potential risk. (see above)
> Is there any other solution than to setuid root those programs (like gs with
> the vga console driver)? Shouldn't a solution be searched for?
>
> --
> GLAUDE David dglaude@is1.ulb.ac.be [Glu]
> I speak French: "Linux est l'unique Unix de Linus."
>
I thought a possible solution could be to create a daemon (perhaps named
vgad?) that is able to process very-low-level queries like "write a bunch
of registers to vga" and so on. Such a daemon could also implement a locking
mechanism to prevent simultaneous VGA access by more than one program
(sometimes I unintentionally got X locked up by mistakenly running a program
based on a library of mine, similar to svgalib, while X was running).
I think this approach could be better than implementing special devices
like /dev/vga or similar, because with a daemon no modifications to the
kernel are required (and I think it's a good thing to keep the kernel as
"light" as possible).
This is my idea. I'm a relatively experienced programmer, but I still have
*lots* of things to learn about UNIX/LINUX programming, so I really don't
know if there is some tech problem in my approach. So please don't flame
;)
Ciao.
.---------------------------------------------------------------------------.
| Fabrizio Giudici (fritz@dibe.unige.it) | |
| WWW-PAGE: < work in progress > | Style distinguishes |
| PHONE: +39 10 3532163/3532780/3532781 | excellence between |
| Dept. of Biophys. and Elect. Eng. (DIBE) | accomplishment. |
| University of Genoa - ITALY - EUROPE - EARTH | |
|---------------------------------------------------------------------------|
| "For a successful technology, reality must take precedence over public |
| relations, for Nature cannot be fooled." - Richard P. Feynman |
`---------------------------------------------------------------------------'
All expressed opinions are personal and not of the organization I work for.
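
Added example, not part of the original message and not code from svgalib: a sketch of the request check a daemon like the proposed vgad would run before touching hardware, combining the single-owner lock with a port allow-list. The port window, the MAX_WRITES cap, and every vgad_* name are assumptions made for illustration; record_write stands in for the privileged port write.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy: only the colour-mode VGA register window is writable. */
#define VGA_PORT_MIN 0x3C0
#define VGA_PORT_MAX 0x3DF
#define MAX_WRITES   64          /* hypothetical per-request cap */

struct reg_write { uint16_t port; uint8_t value; };
struct vgad_state { int owner; };  /* client id holding the lock, -1 if free */
enum vgad_status { VGAD_OK, VGAD_BUSY, VGAD_NOT_OWNER, VGAD_BAD_PORT, VGAD_TOO_MANY };

/* One client at a time may own the display; others are refused, not queued. */
enum vgad_status vgad_acquire(struct vgad_state *s, int client) {
    if (s->owner != -1 && s->owner != client) return VGAD_BUSY;
    s->owner = client;
    return VGAD_OK;
}

void vgad_release(struct vgad_state *s, int client) {
    if (s->owner == client) s->owner = -1;
}

/* Check the whole batch before applying any write, so a rejected
 * request never leaves the card half-programmed. */
enum vgad_status vgad_handle(const struct vgad_state *s, int client,
                             const struct reg_write *w, size_t n,
                             void (*apply)(uint16_t port, uint8_t value)) {
    if (s->owner == -1 || s->owner != client) return VGAD_NOT_OWNER;
    if (n > MAX_WRITES) return VGAD_TOO_MANY;
    for (size_t i = 0; i < n; i++)
        if (w[i].port < VGA_PORT_MIN || w[i].port > VGA_PORT_MAX)
            return VGAD_BAD_PORT;
    for (size_t i = 0; i < n; i++) apply(w[i].port, w[i].value);
    return VGAD_OK;
}

/* Stand-in for the privileged port write a real daemon would perform. */
static unsigned applied_count;
void record_write(uint16_t port, uint8_t value) { (void)port; (void)value; applied_count++; }

int main(void) {
    struct vgad_state s = { -1 };
    struct reg_write batch[] = { {0x3C4, 0x01}, {0x3C5, 0x20} };  /* constructed sample */
    vgad_acquire(&s, 1);
    printf("client 2 acquire: %d\n", vgad_acquire(&s, 2));
    printf("client 1 write:   %d\n", vgad_handle(&s, 1, batch, 2, record_write));
    return 0;
}
```

The point of the split is that only the daemon holds the I/O privilege; clients stay unprivileged and can ask for nothing outside the allow-list.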