Subject: Re: i386 + aperture + 1.6Q
To: Tom Ivar Helbekkmo <>
From: Perry E. Metzger <>
List: current-users
Date: 03/28/2003 12:31:50
Tom Ivar Helbekkmo <> writes:
> "Perry E. Metzger" <> writes:
> > One note: there is no need to run the aperture driver. You can run X
> > perfectly well without it by setting options INSECURE.
> >
> > Given the nature of the X server and video cards, the aperture driver
> > does not actually substantially add to system security...
> Have I misunderstood?  I thought setting INSECURE meant doing without
> several security related features, like enforced immutable and append
> only files, for instance?

Yes, you do indeed run at low securelevel once you do that.

However, once you're running X, you are allowing a known insecure
userland process to arbitrarily change kernel memory...