Subject: Re: Integrate aperture driver?
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-i386
Date: 06/13/2001 16:55:23
>> >> doesn't the aperture driver also limit the number of open()s to 1?
>> >> with a machine at securelevel 1 and the aperture driver loaded and x
>> >> running...how much do you lose?
>> >
>> >ps axw | awk '/X/ {print $1}' | xargs kill
>>
>> sure, or
>>
>> ps axw | awk '/X/{print"kill -9",$1}' | sh
>>
>> but can i, as a regular user, kill my own x server? what about one
>> started by xdm?
>
>Uh, Andrew?
yesh?
>Who *cares*? The point of the securelevel model is to ensure that rogue
>processes *running as root* can be prevented from doing lasting damage to
>the system. If you can write arbitrary memory, the whole thing falls
>apart.
i'm not talking about a rogue process. i'm talking about the x
server. um...without securelevels, isn't netbsd only as secure as
other versions of "unix"?
>The aperture driver's limiting the number of open()s to 1 does zero good
>whatsoever towards this end; you can just kill the X server that's got
>the aperture device open, do your dirty work, and go home.
yes, but i consider the x server a necessary evil. for me. on my
machines that are not server. sort of a smaller insect compared to
the idea of running with "options INSECURE" which is a large insect.
aim for the lesser of two weevils.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."