Subject: Re: Xfree86
To: Gary D. Duzan <gary@wheel.tiac.net>
From: Chris G Demetriou <Chris_G_Demetriou@LAGAVULIN.PDL.CS.CMU.EDU>
List: port-i386
Date: 01/30/1995 00:28:49
> I can see that there might be reasonable arguments for making
> the level of kernel security optional. Or just include the aperture
> driver in the tree. If anyone is going to be putting things into the
> kernel, it should be the NetBSD team, not XFree86, and having device
> drivers as standard equipment makes for good PR.

The aperture 'driver' is _NOT_ a device driver.  Assuming you think
that the 'kernel security level' scheme is worth anything, it is
simply a security hole.  The only thing that it does is provide a
mechanism by which /dev/mem can be mapped read-write regardless of the
setting of the kernel security level.  This allows any process which
can write /dev/mem the ability to completely disable kernel security.

It is possible to achieve the same effect as the aperture 'driver' by
compiling a kernel with 'securelevel' set to -1, or patching the
kernel binary to get the same effect.  In no way is the aperture
driver necessary, for anything at all, because you don't even need to
compile a kernel to get its effects.

Given that the aperture driver is unnecessary and bypasses the
kernel's security level code without informing the user of this,
there's no reason why we should distribute it, and there are a fair
number of reasons why we shouldn't.


There are other possibilities that could be better than the aperture
driver.  For instance, allow mappings of /dev/vga both in the normal
VGA video RAM area, and above however much RAM happens to be in the
machine.  It's not clear how safe _that_ is to me, however, for other
reasons.  But no matter how you cut it, we should _NOT_ be
distributing or supporting the aperture driver.



cgd