David Herrmann - DRM Security


During the last few years, users of the DRM API have increased significantly. Aside from the X-Server different parts of the linux desktop stack use the DRM API directly. This includes Plymouth, Weston, Mir, kmscon and more. While the DRM and KMS APIs could mostly withstand the strain, the lack of a sole user-space DRM user showed several shortcomings in the design. We cannot rely on X-Server or DDX fixes to work around kernel API deficiencies, anymore. We have to carefully take all the different DRM applications into account while changing or improving the DRM API. By opening /dev/dri/ to more applications than the X-Server, we also open it for spoofing attacks. In this talk I want to built on the results of last year's DRM2 talk (XDC-2012) and address the GEM-Flink, DRM-mmap() and DRM-Master related spoofing attacks. I developed several examples that reveal how easy it is to misuse these and will discuss the fixes that were introduced to DRM during the last year.