Date: Sat, 28 Feb 1998 11:53:49 -0800 (PST) From: dima@best.net (Dima Ruban) To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman) Cc: dima@best.net, freebsd-security@FreeBSD.ORG Subject: Re: OpenBSD Security Advisory: mmap() Problem Message-ID: <199802281953.LAA25341@burka.rdy.com> In-Reply-To: <199802281833.NAA13156@khavrinen.lcs.mit.edu> from Garrett Wollman at "Feb 28, 98 01:33:18 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman writes: > <<On Fri, 27 Feb 1998 20:28:18 -0800 (PST), dima@best.net (Dima Ruban) said: > > > This is not entirely correct. Take a look at OpenBSD's /etc/rc.securelevel. > > Everything that shoudl have write access to /dev/*mem should be started > > before securelevel is bumbed. > > And then all you have to do is compromise one of those programs... > > There is a legitimate purpose for starting programs that early, but I > don't think running an insecure X server is one of them. Well, please define "insecure X server". Personaly, I don't know about any security bugs in it. > > -GAWollman > > -- > Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same > wollman@lcs.mit.edu | O Siem / The fires of freedom > Opinions not those of| Dance in the burning flame > MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802281953.LAA25341>