Subject: Re: Privilege Elevation with systrace
To: Julio Merino <>
From: Andrew Brown <>
List: current-users
Date: 10/11/2002 18:28:51
>> or allow an application to read /dev/kmem
>>  netbsd-fsread: filename "/dev/kmem" then permit as :kmem
>So, this means that we do not need `aperture' any longer to run XFree86
>with a non-INSECURE kernel ?

"read".  not "write".

x still needs to write to /dev/mem in order to work, and that's still
not allowed even for root at securelevels higher than 0.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."