by om2
3415 days ago
I don't think passing command buffers or structures in memory will be an obstacle to security. The main security issues will likely be:
* Avoiding out of bounds memory reads
* Avoiding thread-safety issues
* Figuring out lifetime for everything to avoid enabling out of bounds memory reads
* Coming up with a safe and validatable shader format (probably a binary one, which makes validation harder)
* Checking correctness of things enough to avoid making drivers completely choke

We haven't figured out a lot of these deeper issues. We don't believe the basic model is intrinsically harder to secure than OpenGL though. In fact, OpenGL's complex drivers make security harder, because exploiting the driver means a kernel exploit, so you have to be super paranoid about what you pass to the OpenGL API. Modern graphics APIs have thinner drivers so there's less risk.