Date: 23 Dec 2004 21:01:52 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: Mark <mark@darklogik.org> Cc: freebsd-questions@freebsd.org Subject: Re: Xorg & xdm & securelevels Message-ID: <44is6ssbcf.fsf@be-well.ilk.org> In-Reply-To: <20041222223050.A67744@logik.ath.cx> References: <20041222223050.A67744@logik.ath.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark <mark@darklogik.org> writes: > I would like to push my securelevel up to 1 in order to better enforce > my security policy (protecting chflags, kernel modules etc) but this > of course would break Xorg as it requires access to /dev/io. I've > heard that it's possible to run Xorg via xdm whilst the system is > booting at securelevel 0 and have the securelevel raised afterwards, > effectively allowing X to live in a securelevel > 0 environment. Sure. I don't bother for my own machines, because I'm very careful about authentication methods, but it's certainly > How painful is this to implement? Am I likely to run into any > major problems? It's trivial to implement, and will work fine. If I remember correctly, setting the securelevel by the normal rc.conf method and enabling xdm from ttys(5) should do it. > I've also heard that it's possible to remove the SUID bit from X > by using xdm, but that's probably for another thread... Yep, completely different topic. It's true that it's possible, but if you're in a raised securelevel, it's also not going to gain you much.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44is6ssbcf.fsf>