Subject: Re: i386 + aperture + 1.6Q
To: Tom Ivar Helbekkmo <tih@eunetnorge.no>
From: Perry E. Metzger <perry@piermont.com>
List: current-users
Date: 03/28/2003 12:31:50

Tom Ivar Helbekkmo <tih@eunetnorge.no> writes:
> "Perry E. Metzger" <perry@piermont.com> writes:
> > One note: there is no need to run the aperture driver. You can run X
> > perfectly well without it by setting options INSECURE.
> >
> > Given the nature of the X server and video cards, the aperture driver
> > does not actually substantially add to system security...
> 
> Have I misunderstood?  I thought setting INSECURE meant doing without
> several security-related features, like enforced immutable and
> append-only files, for instance?

Yes, you do indeed run at low securelevel once you do that.

However, once you're running X, you are allowing a known insecure
userland process to arbitrarily change kernel memory...

Perry