From owner-freebsd-bugs Mon Dec 1 17:13:50 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA10999 for bugs-outgoing; Mon, 1 Dec 1997 17:13:50 -0800 (PST) (envelope-from owner-freebsd-bugs)
Received: from george.lbl.gov (george-2.lbl.gov [131.243.2.12]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id RAA10993 for ; Mon, 1 Dec 1997 17:13:47 -0800 (PST) (envelope-from jin@george.lbl.gov)
Received: (jin@localhost) by george.lbl.gov (8.6.10/8.6.5) id RAA15933; Mon, 1 Dec 1997 17:13:45 -0800
Date: Mon, 1 Dec 1997 17:13:45 -0800
From: Jin Guojun (ITG staff)
Message-Id: <199712020113.RAA15933@george.lbl.gov>
To: bugs@FreeBSD.ORG, joerg_wunsch@uriah.heep.sax.de
Subject: Re: kern.securelevel auto from 0 to 1 ?bug/feature?
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

}> The secure level should do nothing
}> with Xserver AT ALL.
}
}It _should not_, but go and read my mail again. The fact that it
}actually _does_ is an artifact of the current design how the Xserver
}works. Frankly, it's extending an interface that's normally in the
}kernel's domain (direct hardware access) out into userland. This
}requires full access to the hardware from the Xserver process, which
}violates the normal security layering of unix.
}
}In `secure' mode, this violation will be prevented, since there's a
}huge potential to abuse it in other ways. Since, as you point out,
}secure mode is mainly intended for network server machines, the
}ability to still run an Xserver without any limitation is probably not
}the prime criterion for those admins operating such a server, given
}the security risk the low-level hardware access involves.
}
}Unless you're willing to donate several thousands of hours to redesign
}and rewrite the entire X11 DDX layer for the x86 architecture, i don't
}see how this will be changed within the foreseeable future.

Does this mean that all machines running X have to run at insecure mode?

-Jin