Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 2 Dec 1997 23:38:08 +0100
From:      J Wunsch <j@uriah.heep.sax.de>
To:        ITG staff <jin@george.lbl.gov>
Cc:        bugs@FreeBSD.ORG
Subject:   Re: kern.securelevel auto from 0 to 1 ?bug/feature?
Message-ID:  <19971202233808.28585@uriah.heep.sax.de>
In-Reply-To: <199712021656.IAA25972@george.lbl.gov>; from ITG staff on Tue, Dec 02, 1997 at 08:56:11AM -0800
References:  <199712021656.IAA25972@george.lbl.gov>

next in thread | previous in thread | raw e-mail | index | archive | help
As ITG staff wrote:

> > No.  If you had read my mail, you knew the answer (and even the `how').
> 
> That solution is for a householder duty v.s. a president duty.
> Besides to startx first and then set securelevel to 1, I did not see

I didn't say anything about `startx'.  The only useful solution in
this case is to use xdm.

> there is another way to run X in secure mode. As you mentioned that the
> user cannot exit the X, which is awkward.

You're wrong, again.  You can logout, you only need to be careful to
not kill the Xserver when logging out.  (Normally, when logging out
xdm, it only resets the server, but doesn't kill it.)

> Since level 1 is for multi-users mode, it should let user to access the
> basic resource. If level-2 prohibits X to start, I would not be bothered,
> but level-1 should not stop running X.

As i mentioned before, i don't think the current state of the art is
anything much _desirable_, but i don't see any solution that'll be
ready within the current millenium, short of opening the wide security
hole of ``allow access to any and all hardware even with raised
securelevel''.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971202233808.28585>