Re: 3dfx - a security hazard?

Alan Cox (alan@lxorguk.ukuu.org.uk)
Fri, 12 Mar 1999 13:08:57 +0000 (GMT)


> On Thu, 11 Mar 1999, Tigran Aivazian wrote:
> > But, as I said, Alan is always right, so I am merely curious
> > as to what am I missing here.
> 3Dfx driver was written to allow safe access to 3Dfx boards
> by non-root users. The problem is that it doesn't play it's
> role well, because any user with access to /dev/3dfx can
> write to arbitrary PCI config space of the card -> look at
> doQueryUpdate(). In other words it gives you nothing over
> '+s' stuff.

It isnt just PCI config space . At least it doesnt appear to be. A
simple loop dumping /vmlinuz to the mmio space on a 3dfx card appears
to crash the card, the bus and the PC.

If it was just PCI configuration space it would be relatively easy to
fix - you make PCI config setup root only and provide a "set3dfx" tool

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/