Message-ID: <19971201233413.53113@uriah.heep.sax.de>
Date: Mon, 1 Dec 1997 23:34:13 +0100
From: J Wunsch
To: bugs@FreeBSD.ORG
Cc: "Jin Guojun [ITG staff]"
Subject: Re: kern.securelevel auto from 0 to 1 ?bug/feature?
Reply-To: Joerg Wunsch
References: <199712012005.MAA07847@george.lbl.gov>
In-Reply-To: <199712012005.MAA07847@george.lbl.gov>; from Jin Guojun [ITG staff] on Mon, Dec 01, 1997 at 12:05:18PM -0800

As Jin Guojun [ITG staff] wrote:

> I am not sure what is your point.

Nor am i about yours... this is weeks after my initial mail, so i lost the entire context.

> The secure level should do nothing
> with Xserver AT ALL.

It _should not_, but go and read my mail again. The fact that it actually _does_ is an artifact of the current design of how the Xserver works. Frankly, it's extending an interface that's normally in the kernel's domain (direct hardware access) out into userland. This requires full access to the hardware from the Xserver process, which violates the normal security layering of unix.
In `secure' mode, this violation will be prevented, since there's a huge potential to abuse it in other ways. Since, as you point out, secure mode is mainly intended for network server machines, the ability to still run an Xserver without any limitation is probably not the prime criterion for those admins operating such a server, given the security risk the low-level hardware access involves.

Unless you're willing to donate several thousands of hours to redesign and rewrite the entire X11 DDX layer for the x86 architecture, i don't see how this will change within the foreseeable future.

> My question is "why cannot the system let secure level stay at level 0
> during the boot processing?" It can certainly be set to 0 after boot.
> Would someone be happy to address this issue?

Yes, the sources for init(8) will happily explain to you that the securelevel actually *is* raised once the boot process has completed so far, inside the function multi_user(). Thus, if you have started your Xserver before (e.g. from /usr/X11R6/etc/rc.d/xdm.sh, which is one possible method to use), it is already running at this time.

Of course, you gotta make d*mn sure it'll never exit. You should turn off the `zap' hotkey, at the very least.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
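
The boot ordering described in the message above, as an added example that is not part of the original mail and is not FreeBSD source: a small C model of the securelevel transition in multi_user() and its effect on an X server started before and restarted after it. The names set_securelevel, open_hw and boot_and_restart_x are hypothetical; the model assumes the caller is an ordinary root process (not init) and that hardware access is refused at any level above 0.

```c
#include <stdio.h>

/* Simplified model; an assumption of this example, not kernel code. */
static int securelevel;                 /* stands in for kern.securelevel */

/* Kernel-side rule as modelled here: raising is allowed, but once the
 * level is above 0 an ordinary process cannot lower it again. */
static int set_securelevel(int new_level)
{
    if (securelevel > 0 && new_level < securelevel)
        return -1;                      /* the real kernel returns EPERM */
    securelevel = new_level;
    return 0;
}

/* What the mail describes in init(8): entering multi-user raises 0 to 1.
 * A level of -1 is left untouched, so the machine stays insecure. */
static void multi_user(void)
{
    if (securelevel == 0)
        set_securelevel(1);
}

/* Direct hardware access of the kind the X server needs (modelled):
 * refused once the level is above 0. */
static int open_hw(void)
{
    return securelevel > 0 ? -1 : 0;
}

/* Boot at initial_level, start X from an rc script before multi_user(),
 * then try to restart it afterwards.
 * Result: bit 0 = first start succeeded, bit 1 = restart succeeded. */
int boot_and_restart_x(int initial_level)
{
    int result = 0;

    securelevel = initial_level;
    if (open_hw() == 0)
        result |= 1;                    /* started from rc.d during boot */
    multi_user();                       /* init raises the level here */
    if (open_hw() == 0)
        result |= 2;                    /* restart after the server exited */
    return result;
}

int main(void)
{
    for (int lvl = -1; lvl <= 1; lvl++)
        printf("initial %2d -> result %d, final level %d\n",
               lvl, boot_and_restart_x(lvl), securelevel);
    return 0;
}
```

With an initial level of 0 the first start works and the restart does not, which is the reason the message insists the server must never exit.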