Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Oct 1995 13:06:24 -0400
From:      "Garrett A. Wollman" <>
To:        "Justin T. Gibbs" <>
Cc:        Andrew Herdman <>,
Subject:   Re: A few questions 
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
<<On Tue, 10 Oct 1995 10:00:47 -0700, "Justin T. Gibbs" <> said:

> It be nice if you could still run X while in secure mode 1 (or perhaps we
> should add an extra secure level so you could do this?) without having
> all of /dev/mem R/W.

The problem is that some devices out there need to have their
framebuffers reprogrammed into some arbitrary, large range of memory
(outside the I/O hole).  Allowing access to an arbitrary range of
memory is tantamount to allowing access to all memory, which is the
source of the problem.

The X server also creates problems by its need to do in/out
instructions.  /dev/io should not be openable in secure mode, either.

I have a number of times suggested that the right thing to do is to
add a special ``privileged'' flag to indicate to the system that a
binary should be allowed to do this.  (Obviously, it can only be
turned on by root in single-user mode.)


Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant

Want to link to this message? Use this URL: <>