Subject: Re: Escaping a chroot jail
To: None <bsieker@rvs.uni-bielefeld.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 07/14/2005 09:29:00
In message <20050714131230.GC9104@localhost>, Bernd Sieker writes:
>On 14.07.05, 08:42:04, Steven M. Bellovin wrote:
>> 
>> Right.  As I noted in my earlier post, chroot() isn't proof against
>> root.
>>
>> As for the default security level of 1 -- for anyone who wants to run
>> X, that's simply not possible.  I understand why, of course, but it
>> doesn't help with everything else.
>
>But that's what we have the aperture lkm for. It allows exactly one
>process to get r/w access to the memory space of the VGA board. AFAIK
>almost all modern drivers work with this workaround. In all other
>respects it still has all the features of a normal kernel running
>at securelevel 1. No write access to devices of mounted disks, no
>access to /dev/(k)mem, ...
>

Thanks, though I confess that the thought of a security mechanism
requiring LKM to be enabled is amusing...

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb