Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 11 Jan 1999 23:54:43 -0500 (EST)
From:      Peter Philipp <pjp@bsd-daemon.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   XF86 3.3.3 and secure kernel level?
Message-ID:  <Pine.BSF.4.01.9901112333140.4234-100000@bsd-daemon.net>
next in thread | raw e-mail | index | archive | help 
I've noticed that I can't (x)start XF86 3.3.3 which is distributed in the
2.2.8-RELEASE when my kernel secure level is > 0.

If this has already been mentioned in -stable I apologize I'm not
currently subscribed to that list (forwards of discussions there welcome).  

The problem I have noticed is the following...

Fatal server error:
xf86OpenConsole: KDENABIO failed (Operation not permitted)

I've noticed on line 318 of
/usr/X11R6/src/xc/programs/Xserver/hw/xfree86/os-support/bsd/bsd_init.c 

an ioctl to KDENABIO is attempted if the following is true:

#if defined (SYSCONS_SUPPORT) || defined (PCVT_SUPPORT)
        case SYSCONS:
        case PCVT:
... 

further, the call does fail as I've tried to track down why and it seems
in the kernel in /usr/src/sys/i386/isa/syscons.c on line 1813 as the ioctl
for KDENABIO returns with EPERM (yup like above) if securelevel is higher
than 0.

    case KDENABIO:              /* allow io operations */
        error = suser(p->p_ucred, &p->p_acflag);
        if (error != 0)
            return error;
        if (securelevel > 0)
            return EPERM;
...

getting to the obvious questions,

1. What security implications would follow if the securelevel check was
bypassed allowing KDENABIO in secure kernel levels?

2. Is there a workaround with xf86 3.3.3 that anyone knows of allowing
higher secure kernel levels with X?

3. Is there anything obvious that I might have missed advising of this?

sources and distribution all from 2.2.8-RELEASE as used in my environment.


Peter Philipp (PP2441)
Daemonic Networks
"In theory, theory is the same as practice, but not in practice" - ???


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9901112333140.4234-100000>