Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz> writes:
> > an alternative to that if you wish. The aperture driver does not,
> > however, add any appreciable security so I'm not sure I really see the
> > point in it.
> 
> Well, options INSECURE enables many other insecure things besides
> writing to /dev/mem.

Once you can write to /dev/mem there is no system security at all anyway.

> For example, writing to mounted disks, and changing
> file flags. Doesn't options INSECURE completely cancel any benefit of
> file flags (immutable and append-only)?

Given that an X server running the the aperture driver can do any of
those things, too, why do you care? All modern video cards let you
do things like DMAing in and out of arbitrary memory locations. The
only way to run X and be secure is to have the card driver completely
in the kernel.

-- 
Perry E. Metzger		perry@piermont.com