From owner-freebsd-security  Tue Jul 13  3:35:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 7945814D70
	for <security@FreeBSD.ORG>; Tue, 13 Jul 1999 03:35:23 -0700 (PDT)
	(envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id GAA14745;
	Tue, 13 Jul 1999 06:34:49 -0400 (EDT)
	(envelope-from robert@cyrus.watson.org)
Date: Tue, 13 Jul 1999 06:34:49 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Greg Black <gjb-freebsd@gba.oz.au>
Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
	Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject: Re: Module magic 
In-Reply-To: <19990713010531.2897.qmail@alice.gba.oz.au>
Message-ID: <Pine.BSF.3.96.990713062706.14450C-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 13 Jul 1999, Greg Black wrote:

> Garrett Wollman writes:
> 
> > > FWIW, I believe NetBSD systems (and OpenBSD systems) ship configured to
> > > boot with securelevel == 0, as opposed to FreeBSD which appears to default
> > > to -1.
> > 
> > We think our users are more concerned about X working.
> 
> Are you saying that X does not work when securelevel >= 0 under
> FreeBSD?

If I recall, the XiG Accelerated X product requires direct access to
memory.  vm_mmap.c:

                        /*
                         * cdevs does not provide private mappings of any
kind.
                         */
                        /*
                         * However, for XIG X server to continue to work,
                         * we should allow the superuser to do it anyway.
                         * We only allow it at securelevel < 1.
                         * (Because the XIG X server writes directly to
video
                         * memory via /dev/mem, it should never work at
any
                         * other securelevel.
                         * XXX this will have to go
                         */

Their code should probably not do this, as direct memory access violates
kernel safety.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message