XRT
xocl udev rules are too liberal
The /etc/udev/rules.d/99-xocl.rules has a rule:
KERNEL=="renderD*",MODE="0666"
to make the DRM control file usable by anybody.
But it changes all of these files on the system, like the ones for the AMD and Nvidia GPUs on my machine, to mode 0666 instead of 0660, not only the ones controlled by xocl.
/usr/lib/udev/rules.d/50-udev-default.rules defines a rule for the renderD files that sets the mode to 0660, which means that one has to be root or in group render to use them.
A minimal change could be
KERNEL=="renderD*", DRIVERS=="xocl", MODE="0666"
This has been tried on Ubuntu 22.04:
udevadm test $(udevadm info --query=path --name=/dev/dri/renderD130) |& grep MODE
At the end, while I understand the comfort of 0666, I am unsure about the security impact for FPGA, compared to restricting it to some user groups. Of course there is no bug in our software, so we are safe. :-) At least we should not change the security model for other devices.
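The scoping problem described in this report can be checked for mechanically. The following is an added example, not part of the original issue and not XRT code: a heuristic audit that flags rules which give render nodes a world-accessible MODE without tying the match to a driver or parent device. The function names `audit_render_rules` and `write_sample_rules` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not XRT code. Heuristic, line-based audit of a udev rules
# file: it does not follow GOTO/LABEL or backslash line continuations.

# Print "file:line: rule" for every rule that assigns a MODE with any
# world-access bits to DRM render nodes without narrowing the match to a
# driver or parent device. Returns 1 if something was flagged, else 0.
audit_render_rules() {
    awk -v file="$1" '
    /^[ \t]*#/ { next }                             # skip comment lines
    {
        # Only rules that match render nodes by kernel name.
        if ($0 !~ /KERNEL=="renderD[^"]*"/) next
        # Only rules that assign a mode (MODE= or MODE:=).
        if (!match($0, /MODE:?="[0-7]+"/)) next
        mode = substr($0, RSTART, RLENGTH)
        gsub(/[^0-7]/, "", mode)                    # keep the octal digits
        if (substr(mode, length(mode), 1) + 0 == 0) next   # "other" bits are 0
        # Match keys that tie the rule to one driver or parent device.
        if ($0 ~ /(DRIVERS?|KERNELS|SUBSYSTEMS|ATTRS?[{][^}]*[}])[!=]=/) next
        printf "%s:%d: %s\n", file, NR, $0
        found = 1
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the rule from the report, the proposed fix, and a
# 0660 rule in the style of the distribution default.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample rules
KERNEL=="renderD*",MODE="0666"
KERNEL=="renderD*", DRIVERS=="xocl", MODE="0666"
SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="0660"
EOF
}
```

Run it as `audit_render_rules /etc/udev/rules.d/99-xocl.rules` after sourcing the file; a non-zero status means at least one unscoped rule was found.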