From: Lowell Gilbert
To: "bofn"
Cc: freebsd-security@freebsd.org
Date: 01 Jun 2004 12:03:01 -0400
Subject: Re: X & securelevel=3
Message-ID: <44u0xvnu4q.fsf@be-well.ilk.org>

"bofn" writes:

> running (4-Stable)
>
> Hi,
>
> short form question:
> how does one run XDM under securelevel>0 ?
>
> long version:
> i've searched for an answer on how to run Xfree/Xorg at a securelevel
> the X server likes access to /dev/io and some other resources but is not
> granted access after security is switched on.
> one way of doing it seems to be to start it before setting the securelevel, but
> then it doesn't allow a restart of X.
> the other option seems to be the Aperture patch, ported in 2001 with no recent
> updates and no longer usable against the current software.

You understand the situation just fine. The real question is what you
hope securelevels will do for you if you are allowing a userland
process to access arbitrary memory, as X does.

> 2nd part of the question..
> cd writing needs direct access to /dev/ and that is also not allowed in
> secure mode.
> how can one give selective access to only allow (RW) access to one or two
> devices ?

You can't.

> if there is no way of doing these things with configs and such, can anyone
> point me at the relevant source code that controls these functions so i can add
> this specific functionality.

That would probably be the platform-dependent mem.c and sys_machdep.c
files; I think you may need to worry about the spigot and vnops opens
as well (and probably ioctls).

I don't think it's worth worrying about, though; it would be very hard
to make it bulletproof, and for fairly little gain. Securelevels are
a very narrowly focused tool; they are not intended to be a magic
bullet for security.