From owner-freebsd-security  Tue Jul 13 11:17:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from alpha.sea-to-sky.net (sea-to-sky.net [204.244.200.240])
	by hub.freebsd.org (Postfix) with ESMTP id B007914DDF
	for <freebsd-security@freebsd.org>; Tue, 13 Jul 1999 11:17:13 -0700 (PDT)
	(envelope-from sreid@alpha.sea-to-sky.net)
Received: (from sreid@localhost)
	by alpha.sea-to-sky.net (8.9.1a/8.8.7) id LAA25100;
	Tue, 13 Jul 1999 11:16:50 -0700
Date: Tue, 13 Jul 1999 11:16:50 -0700 (PDT)
From: Steve Reid <sreid@alpha.sea-to-sky.net>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: Module magic
In-Reply-To: <19990713110916.A454@grok.nodomain>
Message-ID: <Pine.LNX.3.95.iB1.0.990713110957.24838A-100000@alpha.sea-to-sky.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Are you saying that X does not work when securelevel >= 0 under
> > FreeBSD?
> 
> That is correct.  X requires direct access to I/O space, which is
> fundamentally incompatible with the notion of enhanced security.

I tried OpenBSD a while back (version 2.1) and X was able to function
with the default securelevel = 1.

This was done via the "aperture driver". I'm not familiar with the
details of how it works. I guess it provides access to limited ranges of
memory. 




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message