From owner-freebsd-bugs  Tue Dec  2 14:47:50 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA11660
          for bugs-outgoing; Tue, 2 Dec 1997 14:47:50 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA11649
          for <bugs@FreeBSD.ORG>; Tue, 2 Dec 1997 14:47:43 -0800 (PST)
          (envelope-from j@uriah.heep.sax.de)
Received: (from uucp@localhost)
	by sax.sax.de (8.8.8/8.8.8) with UUCP id XAA24648;
	Tue, 2 Dec 1997 23:47:28 +0100 (CET)
	(envelope-from j@uriah.heep.sax.de)
Received: (from j@localhost)
	by uriah.heep.sax.de (8.8.8/8.8.5) id XAA15200;
	Tue, 2 Dec 1997 23:38:09 +0100 (MET)
Message-ID: <19971202233808.28585@uriah.heep.sax.de>
Date: Tue, 2 Dec 1997 23:38:08 +0100
From: J Wunsch <j@uriah.heep.sax.de>
To: ITG staff <jin@george.lbl.gov>
Cc: bugs@FreeBSD.ORG
Subject: Re: kern.securelevel auto from 0 to 1 ?bug/feature?
Reply-To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
References: <199712021656.IAA25972@george.lbl.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.88
In-Reply-To: <199712021656.IAA25972@george.lbl.gov>; from ITG staff on Tue, Dec 02, 1997 at 08:56:11AM -0800
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

As ITG staff wrote:

> > No.  If you had read my mail, you knew the answer (and even the `how').
> 
> That solution is for a householder duty v.s. a president duty.
> Besides to startx first and then set securelevel to 1, I did not see

I didn't say anything about `startx'.  The only useful solution in
this case is to use xdm.

> there is another way to run X in secure mode. As you mentioned that the
> user cannot exit the X, which is awkward.

You're wrong, again.  You can logout, you only need to be careful to
not kill the Xserver when logging out.  (Normally, when logging out
xdm, it only resets the server, but doesn't kill it.)

> Since level 1 is for multi-users mode, it should let user to access the
> basic resource. If level-2 prohibits X to start, I would not be bothered,
> but level-1 should not stop running X.

As i mentioned before, i don't think the current state of the art is
anything much _desirable_, but i don't see any solution that'll be
ready within the current millenium, short of opening the wide security
hole of ``allow access to any and all hardware even with raised
securelevel''.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)