Re: [TCLUG:10969] GNOME configuration questions/musings

["Eric M. Hopper" <hopper@omnifarious.mn.org>]

On Wed, Dec 15, 1999 at 10:29:57PM -0600, Callum Lerwick wrote:
> > > Linux really needs video drivers integrated into the kernel.
> > 
> > Not sure I agree; video drivers in the kernel didn't help out NT's
> > stability much...
> 
> Doesn't matter. Its the same code if its in the kernel or not. One
> serious problem with the current arrangement is the fact that the
> entire X server has to run root. This is a known security risk. The
> device dependent stuff should be in the kernel, and the X server
> should be able to run on top of this, as an *unprivileged user*.
> 
> But the heart of it, is hardware should only be touched by the
> kernel.  Thats its job.

	No, the kernel's job is to arbitrate access to resources.  It
just so happens that this usually involves hiding the hardware from user
processes for efficiency reasons.

	I personally would be kind of frightened of having too much
graphics stuff in the kernel because of both kernel bloat (I think the
kernel is generally unswappable) and because of the added stability
problems.

	I agree that having X run as root is a big security risk.  But,
although I'm not sure exactly how things currently work, it seems to me
that X shouldn't HAVE to run as root.  You should be able to just set
permissions on the framebuffer devices and such to allow X to open them
as a normal user.

	The kernel should provide X with a way of getting at the
hardware without it needing to run as root, or requiring the use of any
special interfaces beyond the odd ioctl call.

Have fun (if at all possible),
-- 
Its name is Public Opinion.  It is held in reverence. It settles everything.
Some think it is the voice of God.  Loyalty to petrified opinion never yet
broke a chain or freed a human soul.     ---Mark Twain
-- Eric Hopper (hopper@omnifarious.mn.org  http://omnifarious.mn.org/~hopper) --

PGP signature