Subject: Re: i386 + aperture + 1.6Q
To: Tom Ivar Helbekkmo <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 03/28/2003 12:31:50

Tom Ivar Helbekkmo <email@example.com> writes:
> "Perry E. Metzger" <firstname.lastname@example.org> writes:
> > One note: there is no need to run the aperture driver. You can run X
> > perfectly well without it by setting options INSECURE.
> > Given the nature of the X server and video cards, the aperture driver
> > does not actually substantially add to system security...
> Have I misunderstood? I thought setting INSECURE meant doing without
> several security-related features, like enforced immutable and
> append-only files, for instance?
Yes, you do indeed run at low securelevel once you do that.
However, once you're running X, you are allowing a known insecure
userland process to arbitrarily change kernel memory...