On Tue, Oct 28, 2003 at 07:12:53AM +0000, Tom Goulet (UID0) wrote: > I'm curious what a malicious user could do with access to the > framebuffer device via the </dev/fb0> device file. Could a malicious > user see anything other than what's on his or her virtual console or X > session? > > As it is I'm leaving ZGV set UID root on the theory that ZGV dropping > root privileges is more secure than it keeping group video privileges.
A malicious user with gid video could do a lot less than a malicious user with an open fd on /dev/mem, which is what svgalib does. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
