  From: Andreas Beck <becka@rz.uni-duesseldorf.de>
  To  : ggi-develop@eskimo.com
  Date: Thu, 5 Aug 1999 21:52:33 +0200

Re: Matrox GGI accelerator

> > Note that, even in this case, you _may_ need to do some
> > access control (cf: the example I gave you for the 546x).
> > In case someone tries to use 'strange' accelerator
> > commands. [2]

> Is it possible to create 'Trusted software'? I mean, knowing for sure
> that the accel driver you give your file handle to for mmapping accel
> space is the GGI driver you wrote yourself?

Well. It is possible, but it would make the driver illegal in some
countries. Cryptographic protocols for that do exist.

But even that doesn't solve the issue of a usermode program letting 
LibGGI "legally" get access and then bypass it and abuse it.

> And with knowing for sure I mean knowing 22898902490247890 % sure, not
> just 100 %....
> Hmm, just thinking... Open source isn't that cool at all here: Some user
> can hack the GGI libs and thus still crash the system. Damn.

This is a question of system administration IMHO. 
IMHO it would be just a matter of doing a uid/gid check.
Root can crash the system anyway, so if the calling program is root, give it
additional rights. And root could delegate that right e.g. to a given gid,
to which the driver would then also grant access. 

> Heh, I finally got the idea. But define mmap pages please. Are these 1)
> part of the framebuffer (video card's RAM) or 2) kernel memory? 3)
> Something very logical my stupid mind forgets?

2).

CU, ANdy

-- 
= Andreas Beck                    |  Email :  <andreas.beck@ggi-project.org> =
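
The uid/gid check suggested in the message above, modelled in userspace C as an added example; it is not part of the original mail and not GGI code. The command classes, `struct caller`, `accel_allowed` and the sample callers are hypothetical names and constructed data, and the group that root delegates to is assumed to be passed in as `trusted_gid`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical classes: SAFE commands cannot hang the hardware;
 * PRIVILEGED ones are the 'strange' commands that need access control. */
enum accel_class { ACCEL_SAFE, ACCEL_PRIVILEGED };

struct caller {              /* identity as the driver sees it (assumed layout) */
    uid_t euid;
    gid_t egid;
    const gid_t *groups;     /* supplementary groups */
    size_t ngroups;
};

#define ACCEL_GID_UNSET ((gid_t)-1)   /* root has delegated to no group */

static bool in_group(const struct caller *c, gid_t gid)
{
    if (c->egid == gid) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return false;
}

/* Default deny for privileged commands: only root, or a member of the
 * gid that root configured, may issue them. */
bool accel_allowed(const struct caller *c, enum accel_class cls, gid_t trusted_gid)
{
    if (c == NULL) return false;
    if (cls == ACCEL_SAFE) return true;
    if (c->euid == 0) return true;                     /* root can crash the box anyway */
    if (trusted_gid == ACCEL_GID_UNSET) return false;  /* nothing delegated */
    return in_group(c, trusted_gid);
}

/* Constructed sample callers. */
static const gid_t video_groups[] = { 100, 44 };
static const struct caller root_user  = { 0, 0, NULL, 0 };
static const struct caller video_user = { 1000, 1000, video_groups, 2 };
static const struct caller plain_user = { 1001, 1001, NULL, 0 };

int main(void)
{
    printf("root=%d video=%d plain=%d\n",
           accel_allowed(&root_user, ACCEL_PRIVILEGED, 44),
           accel_allowed(&video_user, ACCEL_PRIVILEGED, 44),
           accel_allowed(&plain_user, ACCEL_PRIVILEGED, 44));
    return 0;
}
```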
