Date: Tue, 10 Oct 1995 13:06:24 -0400 From: "Garrett A. Wollman" <wollman@lcs.mit.edu> To: "Justin T. Gibbs" <gibbs@freefall.FreeBSD.org> Cc: Andrew Herdman <andrew@whine.com>, freebsd-questions@FreeBSD.org Subject: Re: A few questions Message-ID: <9510101706.AA10186@halloran-eldar.lcs.mit.edu> In-Reply-To: <199510101700.KAA04725@aslan.cdrom.com> References: <9510101535.AA10002@halloran-eldar.lcs.mit.edu> <199510101700.KAA04725@aslan.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Tue, 10 Oct 1995 10:00:47 -0700, "Justin T. Gibbs" <gibbs@freefall.cdrom.com> said: > It be nice if you could still run X while in secure mode 1 (or perhaps we > should add an extra secure level so you could do this?) without having > all of /dev/mem R/W. The problem is that some devices out there need to have their framebuffers reprogrammed into some arbitrary, large range of memory (outside the I/O hole). Allowing access to an arbitrary range of memory is tantamount to allowing access to all memory, which is the source of the problem. The X server also creates problems by its need to do in/out instructions. /dev/io should not be openable in secure mode, either. I have a number of times suggested that the right thing to do is to add a special ``privileged'' flag to indicate to the system that a binary should be allowed to do this. (Obviously, it can only be turned on by root in single-user mode.) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9510101706.AA10186>