Subject: Re: Integrate aperture driver?
To: Andrew Brown <atatat@atatdot.net>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: port-i386
Date: 06/13/2001 16:45:08
On Wed, Jun 13, 2001 at 04:16:30PM -0400, Andrew Brown wrote:
> >> doesn't the aperture driver also limit the number of open()s to 1?
> >> with a machine at securelevel 1 and the aperture driver loaded and x
> >> running...how much do you lose?
> >
> >ps axw | awk '/X/ {print $1}' | xargs kill
>
> sure, or
>
> ps axw | awk '/X/{print"kill -9",$1}' | sh
>
> but can i, as a regular user, kill my own x server? what about one
> started by xdm?
Uh, Andrew?
Who *cares*? The point of the securelevel model is to ensure that rogue
processes *running as root* can be prevented from doing lasting damage to
the system. If you can write arbitrary memory, the whole thing falls
apart.
The aperture driver's limiting the number of open()s to 1 does zero good
whatsoever towards this end; you can just kill the X server that's got
the aperture device open, do your dirty work, and go home.
Thor