diff options
author | Henrique de Moraes Holschuh <hmh@hmh.eng.br> | 2010-02-25 22:22:22 -0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-03-15 09:06:48 -0700 |
commit | c9438d3d949d4c5f88f630b647011b8381c63ae5 (patch) | |
tree | 2d12479e827ee849f3df2eef9117e72dd7040e1f /Documentation | |
parent | 6f4698f6c3846c4ddccaacee85aec17599dabcff (diff) | |
download | kernel-crypto-c9438d3d949d4c5f88f630b647011b8381c63ae5.tar.gz kernel-crypto-c9438d3d949d4c5f88f630b647011b8381c63ae5.tar.xz kernel-crypto-c9438d3d949d4c5f88f630b647011b8381c63ae5.zip |
thinkpad-acpi: lock down video output state access
commit b525c06cdbd8a3963f0173ccd23f9147d4c384b5 upstream.
Given the right combination of ThinkPad and X.org, just reading the
video output control state is enough to hard-crash X.org.
Until the day I somehow find out a model or BIOS cut date to not
provide this feature to ThinkPads that can do video switching through
X RandR, change permissions so that only processes with CAP_SYS_ADMIN
can access any sort of video output control state.
This bug could be considered a local DoS I suppose, as it allows any
non-privledged local user to cause some versions of X.org to
hard-crash some ThinkPads.
Reported-by: Jidanni <jidanni@jidanni.org>
Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/laptops/thinkpad-acpi.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/laptops/thinkpad-acpi.txt b/Documentation/laptops/thinkpad-acpi.txt index 75afa1229fd..39c0a09d010 100644 --- a/Documentation/laptops/thinkpad-acpi.txt +++ b/Documentation/laptops/thinkpad-acpi.txt @@ -650,6 +650,10 @@ LCD, CRT or DVI (if available). The following commands are available: echo expand_toggle > /proc/acpi/ibm/video echo video_switch > /proc/acpi/ibm/video +NOTE: Access to this feature is restricted to processes owning the +CAP_SYS_ADMIN capability for safety reasons, as it can interact badly +enough with some versions of X.org to crash it. + Each video output device can be enabled or disabled individually. Reading /proc/acpi/ibm/video shows the status of each device. |