Subject: Re: Integrate aperture driver?
To: Andrew Brown <atatat@atatdot.net>
From: Bill Squier <groo@old-ones.com>
List: port-i386
Date: 06/13/2001 17:30:58
On Wed, Jun 13, 2001 at 04:55:23PM -0400, Andrew Brown wrote:
> >> >> doesn't the aperture driver also limit the number of open()s to 1?
> >> >> with a machine at securelevel 1 and the aperture driver loaded and x
> >> >> running...how much do you lose?
> >> >
> >> >ps axw | awk '/X/ {print $1}' | xargs kill
> >> 
> >> sure, or
> >> 
> >> ps axw | awk '/X/{print"kill -9",$1}' | sh
> >> 
> >> but can i, as a regular user, kill my own x server?  what about one
> >> started by xdm?
> >
> 
> >Who *cares*?  The point of the securelevel model is to ensure that rogue
> >processes *running as root* can be prevented from doing lasting damage to
> >the system.  If you can write arbitrary memory, the whole thing falls
> >apart.

Read the above paragraph again.

Now read it again.

Okay, one more time.

Now let's reiterate what's being discussed here.

Does the aperture driver offer more security than "options INSECURE"?

The answer is a resounding "no".  In both cases, root is able to write to
arbitrary memory, and thus, all bets are off.  Please note that *all* of
the other guarantees offered by a securelevel > 0 depend on the fact that
root cannot write to arbitrary memory.  (and that this is only a sufficient
condition, *not* a necessary one)

-- 
Bill Squier (groo@old-ones.com)                          http://www.netbsd.org

        I know I don't deserve another chance, but this _is_ America,
        and as an American, aren't I entitled to one?  --Sideshow Bob.
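As an added illustration of the point made above (this is example code written for this page, not from the thread or from NetBSD itself): a small POSIX shell audit that reads a GENERIC-style kernel config and reports the securelevel its guarantees actually correspond to. "options INSECURE" is the real NetBSD option; the "pseudo-device aperture" line is an assumed placeholder name for whatever the aperture driver is called in a given tree, and the sample configs are constructed for the example.

```shell
#!/bin/sh
# Example audit (not part of the mailing-list thread or of NetBSD):
# if root can write arbitrary memory, every other securelevel > 0
# guarantee is void, so the effective securelevel is reported as 0.

# memory_write_paths  (config on stdin)
# Prints one line per directive that hands root arbitrary memory
# writes; prints nothing when none is configured.  Comments are
# stripped first, so a commented-out "#options INSECURE" is ignored.
memory_write_paths() {
    sed 's/#.*//' | awk '
        /^[[:space:]]*options[[:space:]]+INSECURE([[:space:]]|$)/ { print "options INSECURE" }
        /^[[:space:]]*pseudo-device[[:space:]]+aperture/          { print "pseudo-device aperture (assumed name)" }
    '
}

# securelevel_effective LEVEL  (config on stdin)
# LEVEL is the configured kern.securelevel.  Echoes LEVEL when no
# memory-write path exists, otherwise 0 ("all bets are off").
securelevel_effective() {
    if [ -n "$(memory_write_paths)" ]; then
        echo 0
    else
        echo "$1"
    fi
}

# Constructed sample configs for the demonstration.
SAMPLE_SECURE='# constructed: no arbitrary-memory path
options     DIAGNOSTIC
#options    INSECURE      # commented out, does not count
pseudo-device tun'

SAMPLE_INSECURE='# constructed: X needs raw memory access
options     INSECURE      # let X write to the framebuffer
pseudo-device tun'

# Stand-alone run: show both verdicts at configured securelevel 1.
printf 'secure config   -> effective securelevel %s\n' \
    "$(printf '%s\n' "$SAMPLE_SECURE"   | securelevel_effective 1)"
printf 'INSECURE config -> effective securelevel %s\n' \
    "$(printf '%s\n' "$SAMPLE_INSECURE" | securelevel_effective 1)"
```

The commented-out `#options INSECURE` in the first sample is there deliberately: a naive `grep INSECURE` would flag it, while the audit correctly treats it as inert.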