On Jul 1, Matthieu Herrb wrote
> I'm really not smart enough to find out. Can you show me how to
> make use of the aperture driver to lower the securelevel or to perform 
> tasks normally forbidden when securelevel = 1 ?
> 
> I'd like to fix the aperture driver if possible, or to find a correct
> solution for a device driver managing the memory mapping of the
> framebuffer.
> 

Well, it should be really easy: the aperture driver allows writing to the
memory.
So if you can find the physical address of the '_securelevel' variable, you
can write another value here and it's done. 'nm /netbsd' will give you the
virtual address, translating to physical address should be easy for someone
which knows about the VM system. Another way to do this is to locate the
virtal adress of a well-know string (e.g _copyrigth) and locate it
in /dev/mem.

Fixing the aperture driver may be hard. I think this would require some
interraction with the VM system (and/or possibly the PMAP) to have a list
of physical "real memory" pages and dissalow accesses to these addresses.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--