From owner-freebsd-security@FreeBSD.ORG Wed Nov 16 13:54:05 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62CB6106566B for ; Wed, 16 Nov 2011 13:54:05 +0000 (UTC) (envelope-from sidetripping@gmail.com) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id 29E538FC14 for ; Wed, 16 Nov 2011 13:54:04 +0000 (UTC) Received: by ywe9 with SMTP id 9so7362187ywe.13 for ; Wed, 16 Nov 2011 05:54:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=iMSnVR13zEupLvZDd97BiZ6OyT2ulDPz+0Bdq6NTIUg=; b=VugqrfgAhCAf/C1oi5E+DRVJ4LmMp/c1dKBqdNS9OAmWyvFOx80wl5fbYrxlOErowE kSOzzn2i9pLFKjkiltlyYxz6w6mmv4n0tYsxEIMsqvIsKAIMjuzQRvG6NKbtkUepCaw2 y4JgpUJbjDHpe/rbH5k8ay6DeQZn2+/EuPrHY= MIME-Version: 1.0 Received: by 10.229.67.215 with SMTP id s23mr4588269qci.265.1321449775936; Wed, 16 Nov 2011 05:22:55 -0800 (PST) Received: by 10.229.220.79 with HTTP; Wed, 16 Nov 2011 05:22:55 -0800 (PST) Date: Wed, 16 Nov 2011 14:22:55 +0100 Message-ID: From: ian ivy To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Starting X11 with kernel secure level greater than -1/0. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2011 13:54:05 -0000 Hi, is there any chance (if yes, how to do this?) to use the xf86 driver which "provides access to the memory and I/O ports of a VGA board and to the PCI configuration registers for use by the X servers when running with a kernel security level greater than 0" in FreeBSD*? Then it will be possible to start X environment with a kernel secure level > 0, right? Normally it is impossible because of /dev/kmem etc. access. It is default solution in OpenBSD, I guess. Hmm, I see, that there is not xf86 in /dev directory, but... I know, that there is already a couple of xf86 drivers (e.g. xf86-video-nv, xf86-video-intel or libXxf86vm etc). These drivers are not right/required/correct, right? Of course I can change this level after system and X's start, but it is not the point. Is there any solution? Best regards! Ian. __________________ * source: OpenBSD XF86(4) man page. http://www.marko.homeunix.org/cgi-bin/man-cgi?xf86+4