From owner-freebsd-doc@FreeBSD.ORG  Sun Nov 12 09:52:05 2006
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
X-Original-To: freebsd-doc@freebsd.org
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 101EC16A403;
	Sun, 12 Nov 2006 09:52:05 +0000 (UTC)
	(envelope-from lothrandil@n00b.apagnu.se)
Received: from pne-smtpout2-sn1.fre.skanova.net
	(pne-smtpout2-sn1.fre.skanova.net [81.228.11.159])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A02E943D45;
	Sun, 12 Nov 2006 09:52:04 +0000 (GMT)
	(envelope-from lothrandil@n00b.apagnu.se)
Received: from [90.224.57.146] (90.224.57.146) by
	pne-smtpout2-sn1.fre.skanova.net (7.2.075)
	id 452BAC860065EE40; Sun, 12 Nov 2006 10:52:03 +0100
Message-ID: <4556EECB.1040302@n00b.apagnu.se>
Date: Sun, 12 Nov 2006 10:52:11 +0100
From: Niclas Zeising <lothrandil@n00b.apagnu.se>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: Giorgos Keramidas <keramida@freebsd.org>
References: <200611120030.kAC0URfM084496@freefall.freebsd.org>
In-Reply-To: <200611120030.kAC0URfM084496@freefall.freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-doc@FreeBSD.org
Subject: Re: docs/104403: man security should mention that the usage of the
 X Window Systen is only possible with kern.securitylevel=-1
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2006 09:52:05 -0000

Giorgos Keramidas wrote:
> The following reply was made to PR docs/104403; it has been noted by GNATS.
> 
> From: Giorgos Keramidas <keramida@freebsd.org>
> To: "Dr. Markus Waldeck" <waldeck@gmx.de>
> Cc: freebsd-gnats-submit@freebsd.org
> Subject: Re: docs/104403: man security should mention that the usage of the X Window Systen is only possible with kern.securitylevel=-1
> Date: Sun, 12 Nov 2006 01:18:11 +0100
> 
>  On 2006-10-14 09:29, "Dr. Markus Waldeck" <waldeck@gmx.de> wrote:
>  > man security should mention that the usage of the X Window Systen is
>  > only possible with kern.securitylevel=-1.
>  >
>  > With kern.securitylevel=0 or higher it is not possible to start X.
>  
>  You can still use `xdm' or a similar way of starting X11, because
>  it will be started by init(8) before the securelevel is raised by
>  the `/etc/rc.d/securelevel' script.
>  
>  I don't think this is worth mentioning in security(7), because
>  we can't possibly document *ALL* the possible things that can
>  fail with a bumped securelevel.
>  

It it probably worth mentioning somewhere, as it will avoid some foot 
shooting from unaware users. One can discuss though that if the extra 
security provided by the security level is needed, maybe the system 
shouldn't run X in the first place.
Just my SEK 0.02
//Niclas