From owner-freebsd-security  Thu Oct 14 21:39:59 1999
Delivered-To: freebsd-security@freebsd.org
Received: from jason.argos.org (a1-3a123.neo.rr.com [24.93.180.123])
	by hub.freebsd.org (Postfix) with ESMTP id 230FD14D29
	for <freebsd-security@FreeBSD.ORG>; Thu, 14 Oct 1999 21:39:56 -0700 (PDT)
	(envelope-from mike@argos.org)
Received: from localhost (mike@localhost)
	by jason.argos.org (8.9.1/8.9.1) with ESMTP id AAA05394;
	Fri, 15 Oct 1999 00:39:37 -0400
Date: Fri, 15 Oct 1999 00:39:36 -0400 (EDT)
From: Mike Nowlin <mike@argos.org>
To: "Rashid N. Achilov" <shelton@sentry.granch.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kern.securelevel and X
In-Reply-To: <XFMail.991015111802.shelton@sentry.granch.ru>
Message-ID: <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


> Why I can't start X with kern.securelevel more than -1?
> 
> When I attempt start X with kern.securelevel 1 or 2, startx crashed with 
> "KBENBIO (or like that): Operation not permitted"

It's been a while since I read something about this, but let's see how
good my memory is -- corrections welcomed.... :)

When running with a >0 securelevel, X can't access the video memory due to
security restrictions (probably something about letting a non-kernel
process access any kind of I/O or memory port directly), so the X server
can't talk to the video card -- boom.

Am I right?

mike




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message