On Sat, 24 Dec 2011 00:20:17 +0100 Tom Gundersen wrote:
http://marc.info/?l=openbsd-misc&m=114233317926101
And equivelent on Linux
http://forums.grsecurity.net/viewtopic.php?f=3&t=47
You can use framebuffer mode or the nouveau driver instead of the nvidia binary and still run X with RAWIO access disabled but with limited acceleration.
Right, now I got it. You mean that there is a security hole on the machines where you don't use the open source (i.e. KMS) drivers. This is correct.
Thanks for the clarification.
Yeah and it may be more difficult to exploit on a system running KMS drivers but unless RAWIO is closed at kernel level (compilation (preferred), selinux, setcap, lcap) then the hole is still there as the default stance is obviously to allow all graphics cards to work.