From owner-freebsd-current  Mon Jul  6 15:12:31 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA29417
          for freebsd-current-outgoing; Mon, 6 Jul 1998 15:12:31 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from mail.camalott.com (root@[208.203.140.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA29169
          for <current@FreeBSD.ORG>; Mon, 6 Jul 1998 15:12:01 -0700 (PDT)
          (envelope-from joelh@gnu.org)
Received: from detlev.UUCP (tex-124.camalott.com [208.229.74.124])
	by mail.camalott.com (8.8.7/8.8.5) with ESMTP id RAA17487;
	Mon, 6 Jul 1998 17:11:43 -0500
Received: (from joelh@localhost)
	by detlev.UUCP (8.8.8/8.8.8) id RAA09001;
	Mon, 6 Jul 1998 17:11:22 -0500 (CDT)
	(envelope-from joelh)
Date: Mon, 6 Jul 1998 17:11:22 -0500 (CDT)
Message-Id: <199807062211.RAA09001@detlev.UUCP>
To: jkh@time.cdrom.com
CC: smoergrd@oslo.geco-prakla.slb.com, tarkhil@asteroid.svib.ru,
        current@FreeBSD.ORG
In-reply-to: <26015.899757973@time.cdrom.com> (jkh@time.cdrom.com)
Subject: Re: xf86OpenConsole: KDENABIO failed (Operation not permitted)
From: Joel Ray Holveck <joelh@gnu.org>
Reply-to: joelh@gnu.org
References:  <26015.899757973@time.cdrom.com>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>> Most things that are disallowed under securelevel 1 are things that
>> aren't frequently done except during rc, a system install, or an
>> attack.  But running X is a normal operation.  I'd classify it as a
>> bug myself.
> Actually, running X is not a "normal" operation at all - it performs
> inb/outb instructions and does various privileged bits of syscons
> frobbing that could be potentially quite hazardous in the hands of the
> deliberately malicious.  Running an X server should be a conscious
> compromise of certain types of security.

While I will agree that it does not run in a normal manner, it is not
an infrequent operation.

I was about to continue that paragraph, when the question occurred:
Are there no other userland programs (besides wine and doscmd) that do
these ops?

(Mind you, I'm not arguing that this should be fixed; we just don't
have the people to fix every nit.  I'm arguing that it's a Bad Thing.)

Happy hacking,
joelh

-- 
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message