> In article <199806292255.SAA19957@jekyll.piermont.com>,
> 	"Perry E. Metzger" <perry@piermont.com> writes:
> > 1) It won't increase your security.
> 
> IMHO it does. It only a allow access for *one* application. So if you start
> your X11 server via "xdm" during system startup no other application can
> access it.

Except then, a root-privs process can _kill_ xdm and the X server...

A large part of the kernel 'security' model has to do with preventing
even root from performing certain operations.  The aperture driver
lessens those protections in such a way that if it's in the system, a
'smart' user process can take over the system just as if 'options
INSECURE' were set.  The amount of 'smarts' necessary is surprisingly
small.



cgd