[256] in netbsd-help mailing list archive
Security issues
daemon@ATHENA.MIT.EDU (Edwin Foo)
Fri Jul 7 16:51:09 1995
From: Edwin Foo <efoo@MIT.EDU>
To: netbsd-help@MIT.EDU
Date: Fri, 07 Jul 1995 16:50:43 EDT
Hello. I was trying to get X to run on my computer yesterday and
after quite a few hours of head scratching with the help of ghudson
I found that there might be a bug in the NetBSD Aperture driver,
preventing me from using the graphics accelerator chip on my
graphics card. However, the SVGA server is pretty slow with my
card (ATI Mach64 WinTurbo) and I would like to use the Mach64 server,
which requires linear access to the display memory to work.
Section 7.1 of /usr/X11/lib/X11/doc/README.NetBSD says:
>7.1. Aperture Driver
>
> By default NetBSD 0.9C and higher include a kernel security feature
> that disable access to the /dev/mem device when in multi-users mode.
> But XFree86 servers can take advantage (or require) linear access to
> the display memory.
>
> The P9000 and AGX servers require linear memory access, other
> accelerated servers can take advantage of it, but do not require it.
>
> There are two ways to allow XFree86 to access linear memory:
>
> 1. Disable the kernel security feature by initializing the
> ``securelevel'' variable to -1 in /sys/kern/kern_sysctl.c, line
> 205 and building a new kernel. For more informations, see the
> comments in /usr/include/sys/systm.h.
> 2. Install the aperture driver. ....
Seeing as how (2) is not a good option until the driver gets fixed, I would
like to try (1). However, I'm curious as to just how much or how little
security I lose by enabling access to /dev/mem in multiuser mode; mainly,
does this make my computer easy to break into? I don't know enough about
how NetBSD does its memory management/protection to figure that out, and
if anyone does I would appreciate some feedback before I decide to ask for
a new kernel.
Thank you,
Edwin Foo
efoo@mit.edu
