Bug 2119

Summary: via: insufficient security checks on DMA init IOCTL
Product: DRI Reporter: Thomas Hellström <thomas>
Component: DRM/otherAssignee: Default DRI bug account <dri-devel>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: highest    
Version: DRI git   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:

Description Thomas Hellström 2004-12-20 12:09:51 UTC 
The DRM_IOCTL_VIA_DMA_INIT can be called as a normal user. 
This is of course easy to change, but Mesa 3D uses it to check whether AGP DMA
has been initialized and if  not, uses the PCI path. 

Either a separate user-callable IOCTL that checks wether AGP DMA has been
initialized is needed or a check for caller privileges is needed for
VIA_INIT_DMA and VIA_CLEANUP_DMA functions, whereas VIA_DMA_INITIALIZED should
be allowed as normal user.

Suggestions are appreciated.

/Thomas
Comment 1 Thomas Hellström 2004-12-21 09:13:34 UTC 
Fixed in CVS as of 20041222, by means of extra security checks within the IOCTL
main.
/Thomas

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.