Subject: Re: i386 + aperture + 1.6Q
To: Perry E. Metzger <>
From: Greywolf <>
List: current-users
Date: 03/28/2003 11:09:03
Thus spake Perry E. Metzger ("PEM> ") sometime Today...

PEM> However, once you're running X, you are allowing a known insecure
PEM> userland process to arbitrarily change kernel memory...

I know, I know -- it doesn't work as planned, but is there no way for
the kernel aperture driver to enforce that you can only modify memory
that is germane to the display?  Can't it divine the information from
the graphics card such that it can say "You are allowed to modify the
following addresses"?

I don't quite understand why this can't be done.  If it's hauled into
the kernel as an LKM, after which the securelevel is raised, then why
can't it enforce the boundaries?

PEM> Perry

Instead of asking why a piece of software is using "1970s technology",
start asking why software is ignoring 30 years of accumulated wisdom.