Date: Thu, 17 Nov 2011 19:19:25 +0100 From: ian ivy <sidetripping@gmail.com> To: Jason Hellenthal <jhell@dataix.net> Cc: freebsd-security@freebsd.org Subject: Re: Starting X11 with kernel secure level greater than -1/0. Message-ID: <CAASvXNuYxVp7R5KkYr27Tcj8tXAgqF4RuU=fO=kVh-6y2=SSxA@mail.gmail.com> In-Reply-To: <20111117072023.GA94228@DataIX.net> References: <CAASvXNst0PXOjBjerx5wK5Qyf4AipQBbqt9Xxhx7-2FDYBdi7w@mail.gmail.com> <20111117072023.GA94228@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Jason. Of course opening (or doing whatever with) mem, kmem etc. is a security flaw. A fatal flaw. I thought that OpenBSD team has done nice work to achieve a compromise between security and the use of X and it could be done with FreeBSD. I already have implemented some of MAC's policies (e.g. mac_seeotheruids), and a couple of sysctl's options, but for now, it is implemented for various testing. I have to read a lot more on these topics. :-) Kernel without BPF? OK! But not for now - I need to have DHCP upon startup for some time yet.! :-) Best regards!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAASvXNuYxVp7R5KkYr27Tcj8tXAgqF4RuU=fO=kVh-6y2=SSxA>