From owner-freebsd-security Sat Oct 16 1:50:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from jason.argos.org (a1-3a123.neo.rr.com [24.93.180.123]) by hub.freebsd.org (Postfix) with ESMTP id 522B814A1D for ; Sat, 16 Oct 1999 01:50:42 -0700 (PDT) (envelope-from mike@argos.org) Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id EAA25287; Sat, 16 Oct 1999 04:50:18 -0400 Date: Sat, 16 Oct 1999 04:50:18 -0400 (EDT) From: Mike Nowlin To: Steve Reid Cc: "Rashid N. Achilov" , freebsd-security@FreeBSD.ORG Subject: Re: kern.securelevel and X In-Reply-To: <19991015133335.A410@grok.localnet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > But I don't think FreeBSD has that capability. I haven't seen any > mention of a FreeBSD aperture driver, not even in vaporware form. > Maybe people just don't realize such a thing is possible? ...not really sure I should bring this up, but....... My belief is that if you feel the necessity to run a machine (especially a production box) under a higher secure level, you should not be using that box for "general user uses", including X. With the prices of fast ethernet and motherboards these days, there's no reason why you can't make a workstation for general use that doesn't really mind getting trashed if somebody breaks in -- restore a backup tape, and you're ready to go. Diskless workstations (slaved off the high-security machine) comes to mind... --mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message