Subject: Re: Integrate aperture driver?
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-i386
Date: 06/13/2001 00:50:40
>> # This "driver" essentially negates the security model.  If it's going to be
>> # committed, it should function *only* if securelevel < 1.
>> 
>> If you do this, it's no better than having options INSECURE, which is what
>> we do now.  The point of the aperture driver is so that you can still have
>> an otherwise secure kernel with the only defined access points being to the
>> video area by the aperture driver.
>
>That's a nice idea, but it doesn't actually work, for several
>reasons.  The most obvious one is that almost all modern video
>adapters include DMA engines that can access arbitrary physical
>addresses.  Less obviously, what's "the video area"?  Oh yeah?
>Are you sure?

doesn't the aperture driver also limit the number of open()s to 1?
with a machine at securelevel 1 and the aperture driver loaded and x
running...how much do you lose?

certainly, though, if a machine had the aperture driver installed (and
enabled), it would have to be running x, which would almost certainly
mean it was a machine that i log in to and to which no one else does.
if i could help it.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."