From owner-freebsd-current  Mon Jul  6 16:59:59 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA14973
          for freebsd-current-outgoing; Mon, 6 Jul 1998 16:59:59 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA14968
          for <current@FreeBSD.ORG>; Mon, 6 Jul 1998 16:59:58 -0700 (PDT)
          (envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (localhost [127.0.0.1])
	by dingo.cdrom.com (8.8.8/8.8.5) with ESMTP id QAA01334;
	Mon, 6 Jul 1998 16:58:12 -0700 (PDT)
Message-Id: <199807062358.QAA01334@dingo.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: joelh@gnu.org
cc: jkh@time.cdrom.com, smoergrd@oslo.geco-prakla.slb.com,
        tarkhil@asteroid.svib.ru, current@FreeBSD.ORG
Subject: Re: xf86OpenConsole: KDENABIO failed (Operation not permitted) 
In-reply-to: Your message of "Mon, 06 Jul 1998 17:11:22 CDT."
             <199807062211.RAA09001@detlev.UUCP> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 06 Jul 1998 16:58:12 -0700
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> >> Most things that are disallowed under securelevel 1 are things that
> >> aren't frequently done except during rc, a system install, or an
> >> attack.  But running X is a normal operation.  I'd classify it as a
> >> bug myself.
> > Actually, running X is not a "normal" operation at all - it performs
> > inb/outb instructions and does various privileged bits of syscons
> > frobbing that could be potentially quite hazardous in the hands of the
> > deliberately malicious.  Running an X server should be a conscious
> > compromise of certain types of security.
> 
> While I will agree that it does not run in a normal manner, it is not
> an infrequent operation.
> 
> I was about to continue that paragraph, when the question occurred:
> Are there no other userland programs (besides wine and doscmd) that do
> these ops?

Lots of them; there's plenty of low-speed industrial control 
applications that dink the hardware directly courtesy of the IOPL bit.

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message