From owner-freebsd-security Sat Feb 28 10:33:31 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA05023 for freebsd-security-outgoing; Sat, 28 Feb 1998 10:33:31 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA05017 for ; Sat, 28 Feb 1998 10:33:26 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.8.8/8.8.8) id NAA13156; Sat, 28 Feb 1998 13:33:18 -0500 (EST) (envelope-from wollman) Date: Sat, 28 Feb 1998 13:33:18 -0500 (EST) From: Garrett Wollman Message-Id: <199802281833.NAA13156@khavrinen.lcs.mit.edu> To: dima@best.net Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenBSD Security Advisory: mmap() Problem In-Reply-To: <199802280428.UAA19048@burka.rdy.com> References: <199802280132.RAA00955@cwsys.cwsent.com> <199802280428.UAA19048@burka.rdy.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk < This is not entirely correct. Take a look at OpenBSD's /etc/rc.securelevel. > Everything that shoudl have write access to /dev/*mem should be started > before securelevel is bumbed. And then all you have to do is compromise one of those programs... There is a legitimate purpose for starting programs that early, but I don't think running an insecure X server is one of them. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message