Does enabling hardware acceleration increase the attack surface of software?
For software that process untrusted data and have an option to use hardware acceleration, does enabling hardware acceleration increase the attack surface of the software? Examples of situations where typical software process untrusted data: using a web browser to access websites on the internet, using a video player to play videos downloaded from the internet, importing media assets downloaded from the internet into a 3D modeling/rendering software, etc.
In terms of Linux AppArmor confinement, my guess is that disabling hardware acceleration reduces the attack surface of software. This is because software that does not use hardware acceleration can be confined more tightly (i.e. granted less access to files) than software that do use hardware acceleration. However, I am not sure whether or not this reasoning is valid outside the context of Linux AppArmor.
