Working Out "Serious Security Flaws" In DRM Drivers

Written by Michael Larabel in X.Org on 11 April 2014 at 09:13 AM EDT. 11 Comments
X.ORG
While many are still busy working through fallout of the OpenSSL Heartbleed bug within organizations, on a separate but security related note, kernel developers specializing in the Direct Rendering Manager (DRM) graphics drivers are working to beef up their own driver security.

Thomas Hellstrom of VMware wrote on the Linux kernel mailing list, "as was discussed a while ago, there are some serious security flaws with the current drm master model, that allows a user that had previous access or current access to an X server terminal to access the GPU memory of the active X server, without being authenticated to the X server and thereby also access other user's secret information."

Security-related bugs within the open-source Linux graphics drivers and X.Org stack are sadly not a rare occurrence. The X.Org security has been characterized by experts as being a disaster that is worse than it looks. Improvements have been made and security vulnerabilities addressed, including some bugs that date back two decades.

Hellstrom is looking to improve the security around DRM drivers in situations like a user using an X.Org Server and locking the screen while an untrusted user could VT switch, open a DRM connection, and guess GEM handle names of the switched-away X Server to dump the video memory objects. There's no DRM driver currently that is immune against three different security flaws noted by Thomas.

In Hellstrom's email he lays out several possibilities for kernel DRM developers to address these security flaws. We'll see in future kernel releases what's done to improve the situation.
11 Comments
Related News
X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs
Explicit GPU Synchronization Merged For XWayland
X.Org Server & XWayland Hit By Four More Security Issues
The X.Org Foundation Needs More Candidates To Hold An Election
X.Org Server Clears Out Remnants For Supporting Old Compilers
X.Org Server & XWayland Updated Due To Another Six Security Vulnerabilities
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"