|author||mperes <mperes@web>||2013-09-23 14:07:48 -0700|
|committer||xorg <firstname.lastname@example.org>||2013-09-23 14:07:48 -0700|
Diffstat (limited to 'Events/XDC2013/XDC2013DavidHerrmannDRMSecurity.mdwn')
1 files changed, 15 insertions, 1 deletions
diff --git a/Events/XDC2013/XDC2013DavidHerrmannDRMSecurity.mdwn b/Events/XDC2013/XDC2013DavidHerrmannDRMSecurity.mdwn
index a1471b04..ab05a59f 100644
@@ -2,10 +2,24 @@
+During the last few years, users of the DRM API have increased significantly.
+Aside from the X-Server different parts of the linux desktop stack use the DRM
+API directly. This includes Plymouth, Weston, Mir, kmscon and more.
+While the DRM and KMS APIs could mostly withstand the strain, the lack of a sole
+user-space DRM user showed several shortcomings in the design. We cannot rely
+on X-Server or DDX fixes to work around kernel API deficiencies, anymore. We
+have to carefully take all the different DRM applications into account while
+changing or improving the DRM API.
+By opening /dev/dri/ to more applications than the X-Server, we also open it for
+spoofing attacks. In this talk I want to built on the results of last year's
+DRM2 talk (XDC-2012) and address the GEM-Flink, DRM-mmap() and DRM-Master
+related spoofing attacks. I developed several examples that reveal how easy it
+is to misuse these and will discuss the fixes that were introduced to DRM during
+the last year.
* Video: youtube, webm
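Review bot: In the second added paragraph, "In this talk I want to built on the results" should read "build on the results". In the first paragraph, "Aside from the X-Server different parts of the linux desktop stack" needs a comma after "X-Server" and a capitalised "Linux", and the comma before "anymore" in "kernel API deficiencies, anymore" should go. The abstract leans on "last year's DRM2 talk (XDC-2012)" for context, so link that talk's page here. GEM-Flink, DRM-mmap() and DRM-Master are named as spoofing vectors with no hint of what is spoofed; a half-sentence on each would let the abstract stand on its own.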