[arch-general] Is there a clean solution to get completely rid of Pulseaudio?
Kevin Chadwick
ma1l1ists at yahoo.co.uk
Mon Dec 26 10:39:32 EST 2011
On Sat, 24 Dec 2011 00:20:17 +0100
Tom Gundersen wrote:
> > http://marc.info/?l=openbsd-misc&m=114233317926101
> >
> > And equivelent on Linux
> >
> > http://forums.grsecurity.net/viewtopic.php?f=3&t=47
> >
> > You can use framebuffer mode or the nouveau driver instead of the
> > nvidia binary and still run X with RAWIO access disabled but with
> > limited acceleration.
>
> Right, now I got it. You mean that there is a security hole on the
> machines where you don't use the open source (i.e. KMS) drivers. This
> is correct.
>
> Thanks for the clarification.
Yeah and it may be more difficult to exploit on a system running KMS
drivers but unless RAWIO is closed at kernel level (compilation
(preferred), selinux, setcap, lcap) then the hole is still there as the
default stance is obviously to allow all graphics cards to work.
More information about the arch-general
mailing list