From owner-freebsd-hackers  Fri Feb  9 15:30:58 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from hand.dotat.at (sfo-gw.covalent.net [207.44.198.62])
	by hub.freebsd.org (Postfix) with ESMTP
	id C14D237B69B; Fri,  9 Feb 2001 15:30:37 -0800 (PST)
Received: from fanf by hand.dotat.at with local (Exim 3.20 #3)
	id 14RMzo-0006dS-00; Fri, 09 Feb 2001 23:30:32 +0000
Date: Fri, 9 Feb 2001 23:30:32 +0000
From: Tony Finch <dot@dotat.at>
To: Robert Watson <rwatson@freebsd.org>
Cc: 207.100@tj2.demon.co.uk, freebsd-hackers@freebsd.org
Subject: Re: /etc/security: add md5 to suid change notification?
Message-ID: <20010209233032.S461@hand.dotat.at>
References: <3A84689F.6625@tj2.demon.co.uk> <Pine.NEB.3.96L.1010209174800.42231D-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.NEB.3.96L.1010209174800.42231D-100000@fledge.watson.org>
Organization: Covalent Technologies, Inc
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Robert Watson <rwatson@freebsd.org> wrote:
>
>If X has open file descriptors for privileged devices for the purposes of
>direct memory access, the debugging interfaces (and possibly exploits in
>shared libraries) can be used to control the X server in such a way that
>securelevels can be disabled or circumvented.

Does the OpenBSD aperture device solve that problem?

Tony.
-- 
f.a.n.finch    fanf@covalent.net    dot@dotat.at
FINISTERRE SOLE: SOUTHEASTERLY VEERING SOUTHWESTERLY 5 TO 7, OCCASIONALLY GALE
8. OCCASIONAL RAIN. MODERATE OR POOR.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message