SELinux detects problem with proprietary binary fglrx driver; however, AMD/ATI will not help
Francis K Shim
belfrancis2001 at yahoo.ca
Fri Sep 26 20:00:54 UTC 2008
On Thu, 2008-09-25 at 23:38 -0400, Valdis.Kletnieks at vt.edu wrote:
> On Fri, 26 Sep 2008 00:31:09 +1000, James Morris said:
>
> > - Francis asked for a much-secure or safer workaround to the issue.
> > Given that the driver is messing with kernel security, is also broken in
> > its use of a security API, and not maintained, I'm certainly not going to
> > recommend its continued use in this context.
From the perspective of security and safety, I agree with James in
simply *not* using the fglrx driver, in favor of a VESA or compatible
open-source device driver; however, that being said, it will essentially
cripple the usage of the full range of the video card's capabilities.
It is acceptable if I were to only be limited to simple text editing and
low intensity graphics. However, it does mean that any photo-realistic
and intense graphics manipulation will suffer, which I can live with for
a little while, but not forever.
> Given the fact it's a kernel BUG, I wonder if the *real* issue isn't
> that the driver doesn't support SELinux, but that it doesn't understand
> the expanded more-than-32-bits capabilities in recent kernels, causing
> something to overlay something it shouldn't have...
If this is the case, then I would be happy to tell AMD/ATI about this
interface bug; however, I think that SELinux itself, Linux and the
Open-source community should use incidences like this as further
proof-of-application (versus proof-of-concept). At least, in this
respect, there should be an opportunity for strengthening liaison between
*us* and the AMD/ATI team.
Peace,
Frank