Skip site navigation (1)Skip section navigation (2)
Date:      23 Dec 2004 21:01:52 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        Mark <mark@darklogik.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Xorg & xdm & securelevels
Message-ID:  <44is6ssbcf.fsf@be-well.ilk.org>
In-Reply-To: <20041222223050.A67744@logik.ath.cx>
References:  <20041222223050.A67744@logik.ath.cx>

next in thread | previous in thread | raw e-mail | index | archive | help
Mark <mark@darklogik.org> writes:

> I would like to push my securelevel up to 1 in order to better enforce
> my security policy (protecting chflags, kernel modules etc) but this
> of course would break Xorg as it requires access to /dev/io. I've
> heard that it's possible to run Xorg via xdm whilst the system is
> booting at securelevel 0 and have the securelevel raised afterwards,
> effectively allowing X to live in a securelevel > 0 environment.

Sure.  I don't bother for my own machines, because I'm very careful
about authentication methods, but it's certainly 

> How painful is this to implement? Am I likely to run into any
> major problems?

It's trivial to implement, and will work fine.  
If I remember correctly, setting the securelevel by the normal rc.conf
method and enabling xdm from ttys(5) should do it.

> I've also heard that it's possible to remove the SUID bit from X
> by using xdm, but that's probably for another thread...

Yep, completely different topic.

It's true that it's possible, but if you're in a raised securelevel,
it's also not going to gain you much.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44is6ssbcf.fsf>