Re: SecurityFocus Article

From: Jon Smirl
Date: Fri May 12 2006 - 01:13:34 EST


On 5/12/06, Dave Airlie <airlied@xxxxxxxxx> wrote:
Your ideas to fix X didn't result in patches to fix X, ideas are great
we all have ideas, patches are better, for some reason we don't all
have patches. We are fixing X, you are not.

In the past I wasted way too much time writing patches for X. I
understand now that there is little consensus on where X is going in
the future. X has few resources and many of these resources work at
cross purposes. You are doing a fine job, please keep up the good
work. For my part I have chosen to stop working in such a chaotic
environment.

But, no matter how you slice it, X is still a multi-megabyte process
needlessly running as root which makes it a scary security issue. I
know you are already aware of the philosophical and architectural
changes needed to switch X to a model where it runs as a normal
process and relies on the kernel for privileged operations. You and
Ian are taking the first steps, I hope that X will reach the consensus
necessary to implement the full change.

Question my sanity if you want, but I'm sticking with the old fashion
idea that privileged code that mucks with hardware belongs in a device
driver. I'm also stuck on the radical idea that only one device driver
at a time should be in control of a piece of hardware. X violates both
of these.

--
Jon Smirl
jonsmirl@xxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/