Subject: Re: XFree86-3.1.1
To: None <current-users@NetBSD.ORG>
From: Roland McGrath <>
List: current-users
Date: 03/05/1995 13:30:05
   cc: current-users@NetBSD.ORG, thecure <>
   From: matthew green <>
   Date: Sun, 05 Mar 1995 23:40:49 +1100
   Sender: owner-current-users@NetBSD.ORG
   Precedence: list
   X-Loop: current-users@NetBSD.ORG

       There are two ways to allow XFree86 to access linear memory:

       1. Disable the kernel security feature by initializing the
       ``securelevel'' variable to -1 in /sys/kern/kern_sysctl.c, line
       205 and building a new kernel. For more informations, see the
       comments in /usr/include/sys/systm.h.

   there is also roland mcgrath's defeat-securelevel loadable
   module that he posted here many many months ago.  check the
   archives.  it used to work a long time ago, but it might
   need porting now (i don't think so, but i haven't any idea
   if it will or not).

It still works fine; I haven't even recompiled it in ages.  It works
with the -current kernel I just built yesterday.

I had to change `nosys' to `lkm_nofunc' to get it to compile anew
against a -current /sys/sys.

Here is the current source for the module:

/* Trivial loadable kernel module to defeat the "kernel security level".

   Written 21 Jun 94 by Roland McGrath.
   The author places this file in the public domain.

   The module can only be loaded at security level 0 (single user,
   /etc/rc); it does nothing but set the security level to -1.  It can
   be unloaded at any time, which will reset the level to 0 if it is
   still -1.

   Compile with:
     cc -I/sys -c defeat-securelevel.c

   I use the following in /etc/rc.local to load this:
     if [ -r /etc/defeat-securelevel.o ]; then
       # Disable annoying "security".
       modload -e insecure -o /etc/defeat-securelevel /etc/defeat-securelevel.o

#define KERNEL
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/exec.h>
#include <sys/lkm.h>

MOD_MISC ("defeat-securelevel")

static int
module_handle (struct lkm_table *lkmtp, int cmd)
  struct lkm_misc *args = lkmtp->private.lkm_misc;

  switch (cmd)
    case LKM_E_LOAD:
      if (lkmexists (lkmtp))
	return EEXIST;
      if (securelevel > 0)
	return EPERM;
      securelevel = -1;
      return 0;

    case LKM_E_UNLOAD:
      if (securelevel < 0)
	securelevel = 0;
      return 0;

      return EINVAL;

insecure (struct lkm_table *lkmtp,
	  int cmd,
	  int ver)