Date: Tue, 9 Jan 2001 08:57:15 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: Rasputin <rasputin@FreeBSD-uk.eu.org> Cc: freebsd-security@freebsd.org Subject: Re: Running X in securelevels > 0 ? Message-ID: <Pine.NEB.3.96L.1010109085059.63837A-100000@fledge.watson.org> In-Reply-To: <20010109094651.A24037@dogma.freebsd-uk.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 9 Jan 2001, Rasputin wrote: > But I was talking to an OpenBSD user over the weekend who said that 2.7 > somehow manages to reserve access to certsain devices by running some > kind of wrapper before the securelevel is used (although that may be > bull). OpenBSD has an "apperture" driver that presumably works by making a specific subset of hardware controls available in higher securelevels, carefully selected so that the subset is sufficient for the purposes of graphics in X, but not sufficient to violate kernel protections. Unfortunately, I've not had the opportunity to look more closely than that at this point. If you're interested in looking at porting it, I think there would be interest in integrating it into the base FreeBSD source tree: while the OpenBSD project uses it specifically to address concerns with securelevels, it would also be useful in other mandatory access control environmnents, or environments where the privilege model is not the root-trumps-all model. When porting it, it would be useful to do an analysis of how effective the driver is at providing only the necessary subset, and that it doesn't allow access to video subsystem functions that might be manipulable to gain privilege, or violate other system policies. Having X functionality without the ability to directly manipulate all hardware would be very desirable. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010109085059.63837A-100000>