Date: Tue, 13 Jul 1999 06:34:49 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Greg Black <gjb-freebsd@gba.oz.au> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG Subject: Re: Module magic Message-ID: <Pine.BSF.3.96.990713062706.14450C-100000@fledge.watson.org> In-Reply-To: <19990713010531.2897.qmail@alice.gba.oz.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Jul 1999, Greg Black wrote:
> Garrett Wollman writes:
>
> > > FWIW, I believe NetBSD systems (and OpenBSD systems) ship configured to
> > > boot with securelevel == 0, as opposed to FreeBSD which appears to default
> > > to -1.
> >
> > We think our users are more concerned about X working.
>
> Are you saying that X does not work when securelevel >= 0 under
> FreeBSD?
If I recall, the XiG Accelerated X product requires direct access to
memory. vm_mmap.c:
/*
* cdevs does not provide private mappings of any
kind.
*/
/*
* However, for XIG X server to continue to work,
* we should allow the superuser to do it anyway.
* We only allow it at securelevel < 1.
* (Because the XIG X server writes directly to
video
* memory via /dev/mem, it should never work at
any
* other securelevel.
* XXX this will have to go
*/
Their code should probably not do this, as direct memory access violates
kernel safety.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990713062706.14450C-100000>