On 20/12/2013 10:55, Thomas Hellstrom wrote: > On 12/20/2013 10:31 AM, Martin Peres wrote: >> On 20/12/2013 07:57, Thomas Hellstrom wrote: >>> So this is a potential issue that needs to be brought up sooner or >>> later: >>> >>> Let's say a client is authenticated by the current master. >>> Then the master drops, and we have a new master (fast user switching for >>> example). >>> >>> What's the status of the clients authenticated by old masters? >>> Should they be allowed to render and use memory resources or >>> shouldn't they? >>> >>> A typical example where this could pose a problem is where user 1 opens >>> a drm connection, authenticates itself and then drops master. >>> Then user 2 starts an X server and exposes all DRI contents to user 1? >>> >>> /Thomas >> I wouldn't worry about that since all clients should use render nodes >> instead. >> If you worry about this, help making the switch to them happen. >> > OK, so let's say user 1 opens a connection through a render node and > starts rendering using shared buffers. > Then we do a fast user switch, the render node ACL is updated and user 2 > logs in. > What's stopping user 2 from accessing user 1's DRI content? > > I haven't looked closely at what's actually allowed through render > nodes; perhaps buffer sharing using global names isn't?
That's right. GEM buffer sharing is disabled in render nodes. Only DMA-Buf is allowed. GEM buffer sharing could hardly be less secure, that's why it was decided to drop it entirely in favour of dma-buf. Martin
