> The 'driver' allows only one open at a time. Since the Xserver keeps
> the 'device' open while running, someone running X (ou a machine
> running xdm) has kernel security. 

no they don't.

kernel security prevents people with root from writing to /dev/*mem,
from doing certain things to disk devices and files, etc.

the only people who can do that to begin with are people with root.
people with root can kill the X server, and then open the aperture
driver's device themselves.  they can then adjust the kernel security
level, and close the device.  a user on console would only notice that
X had crashed for some reason, and they probably wouldn't think twice
about that.

the point is, when kernel security is enabled, nothing except init can
lower the security level.  the aperture driver allows others to do so.


> For now,  even mmap'ing of /dev/vga has been disabled so no one can
> run X with kernel security. 

yes, i know; that's a bug.



chris