Subject: Re: Integrate aperture driver?
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-i386
Date: 06/13/2001 16:55:23
>> >> doesn't the aperture driver also limit the number of open()s to 1?
>> >> with a machine at securelevel 1 and the aperture driver loaded and x
>> >> running...how much do you lose?
>> >
>> >ps axw | awk '/X/ {print $1}' | xargs kill
>> 
>> sure, or
>> 
>> ps axw | awk '/X/{print"kill -9",$1}' | sh
>> 
>> but can i, as a regular user, kill my own x server?  what about one
>> started by xdm?
>
>Uh, Andrew?

yesh?

>Who *cares*?  The point of the securelevel model is to ensure that rogue
>processes *running as root* can be prevented from doing lasting damage to
>the system.  If you can write arbitrary memory, the whole thing falls
>apart.

i'm not talking about a rogue process.  i'm talking about the x
server.  um...without securelevels, isn't netbsd only as secure as
other versions of "unix"?

>The aperture driver's limiting the number of open()s to 1 does zero good
>whatsoever towards this end; you can just kill the X server that's got
>the aperture device open, do your dirty work, and go home.

yes, but i consider the x server a necessary evil.  for me.  on my
machines that are not servers.  sort of a smaller insect compared to
the idea of running with "options INSECURE" which is a large insect.
aim for the lesser of two weevils.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."