Re: group video access hazards?

To: debian-security@lists.debian.org
Subject: Re: group video access hazards?
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 28 Oct 2003 14:30:19 -0500
Message-id: <[🔎] 20031028193019.GN6350@dijkstra.csh.rit.edu>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20031028071253.GA9638@nova.vor.em.ca>
References: <[🔎] 20031028071253.GA9638@nova.vor.em.ca>

On Tue, Oct 28, 2003 at 07:12:53AM +0000, Tom Goulet (UID0) wrote:

> I'm curious what a malicious user could do with access to the
> framebuffer device via the </dev/fb0> device file.  Could a malicious
> user see anything other than what's on his or her virtual console or X
> session?
> 
> As it is I'm leaving ZGV set UID root on the theory that ZGV dropping
> root privileges is more secure than it keeping group video privileges.

A malicious user with gid video could do a lot less than a malicious user
with an open fd on /dev/mem, which is what svgalib does.

-- 
 - mdz

Reply to:

References:
- group video access hazards?
  - From: "Tom Goulet (UID0)" <uid0@em.ca>

Prev by Date: Re: group video access hazards?
Next by Date: Transparent bridge firewall with bridge-nf
Previous by thread: Re: group video access hazards?
Next by thread: Transparent bridge firewall with bridge-nf
Index(es):
- Date
- Thread