From: "bofn"
To: freebsd-security@freebsd.org
Date: Sat, 29 May 2004 05:43:23 +0200
Subject: X & securelevel=3

running (4-Stable)

Hi,

short form question:
how does one run XDM under securelevel>0 ?

long version:
i've searched for an answer on how to run Xfree/Xorg at a securelevel. the X server likes access to /dev/io and some other resources but is not granted access after security is switched on.

one way of doing it seems to be to start it before setting the securelevel, but then it doesn't allow a restart of X. the other option seems to be the Aperture patch, ported in 2001 with no recent updates and no longer usable against the current software.

2nd part of the question..
cd writing needs direct access to /dev/ and that is also not allowed in secure mode. how can one give selective access to only allow (RW) access to one or two devices ?

if there is no way of doing these things with configs and such, can anyone point me at the relevant source code that controls these functions so i can add this specific functionality.

Cheers
* Anna