On Thu, 2008-09-25 at 23:38 -0400, Valdis.Kletnieks(a)vt.edu wrote:
On Fri, 26 Sep 2008 00:31:09 +1000, James Morris said:
> - Francis asked for a much-secure or safer workaround to the issue.
> Given that the driver is messing with kernel security, is also broken in
> its use of a security API, and not maintained, I'm certainly not going to
> recommend its continued use in this context.
From the perspective of security and safety, I agree with James in
simply *not* using the fglrx driver, in favor of a VESA or compatible
open-source device driver; however, that being said, it will essentially
cripple the usage of the full range of the video card's capabilities.
It is acceptable if I were to only be limited to simple text editing and
low intensity graphics. However, it does mean that any photo-realistic
and intense graphics manipulation will suffer, which I can live with for
a little while, but not forever.
Given the fact it's a kernel BUG, I wonder if the *real* issue
isn't
that the driver doesn't support SELinux, but that it doesn't understand
the expanded more-than-32-bits capabilities in recent kernels, causing
something to overlay something it shouldn't have...
If this is the case, then I would be happy to tell AMD/ATI about this
interface bug; however, I think that SELinux itself, Linux and the
Open-source community should use incidences like this as further
proof-of-application (versus proof-of-concept). At least, in this
respect, there should be an opportunity for strengthening liason between
*us* and the AMD/ATI team.
Peace,
Frank