Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 Aug 2005 11:44:46 +0200
From:      Roland Smith <rsmith@xs4all.nl>
To:        Dmitry Mityugov <dmitry.mityugov@gmail.com>
Cc:        Tom Norris <tom@trancegeek.net>, freebsd-questions@freebsd.org
Subject:   Re: A quick question about X11 and securelevels
Message-ID:  <20050828094446.GA17036@slackbox.xs4all.nl>
In-Reply-To: <b7052e1e050828015973762a93@mail.gmail.com>
References:  <43111AAE.6090402@trancegeek.net> <b7052e1e050828015973762a93@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--y0ulUmNC+osPPQO6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Aug 28, 2005 at 12:59:36PM +0400, Dmitry Mityugov wrote:
> On 8/28/05, Tom Norris <tom@trancegeek.net> wrote:
> > I understand the things like not allowing the system clock to change and
> > not allowing formatting of filesystems, but I want to know why you can't
> > run x11 when you have a securelevel greater than or equal to one.  there
> > is no _serious_ reason I wish to know, I'm just curious and google keeps
> > feeding me tutorials on making my FreeBSD machine furiously hard to
> > crack.  :)

A securelevel >0 prevents /dev/mem and /dev/io to be opened for
writing. X need to write to these devices.
=20
> Not an exact answer to your question, but securelevel does not
> prohibit you from runnung X if it is set after X started (from one of
> .x... files in your home directory instead of rc.conf perhaps?)

The security level is set with sysctl (kern.securelevel). You must be
root to set it.

Roland
--=20
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt

--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFDEYeOEnfvsMMhpyURAmPnAJ9+oqvA/qWMsOoZgzmr6JAg1Js+igCfR3g4
TFW+LE/YXZ+nr1nr7xc9tOU=
=7L0S
-----END PGP SIGNATURE-----

--y0ulUmNC+osPPQO6--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050828094446.GA17036>