port-pmax: X11 server on 1.6.1 : securelevel 1 vs. 0

Subject: X11 server on 1.6.1 : securelevel 1 vs. 0
To: None <port-pmax@netbsd.org>
From: Jean-Pierre HOFER <jph@stephenson.net.dhis.org>
List: port-pmax
Date: 10/11/2003 16:16:05

> > > in the distribution ship without this (for security reasons obviously).  
> > > Last I checked, this prevents X from working on most systems.
> > 
> > There is a PR #17894 about the X server problem
> > (http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=17894)
> > 
> > BUT for 1.6_BETA5 NetBSD 1.6_BETA5.
> > 
> > Is it still valid for 1.6.1 and for the latest NetBSD-daily ?
> 
> 	A quick search for XdecNetBSD on google seems to answer yes to 
> both branches. (Unless you add the insecure kernel option)

OK.
I will try to install and run the X11 server with the newest NetBSD-daily.
First without insecure kernel option and, if not successfull, with.

But what are the practical implications of securelevel = 0 instead of 1 ?
Is it effectively less secure in the real life ?

(init(8)) says

     0     Insecure mode - immutable and append-only flags may be changed.
           All devices may be read or written subject to their permissions.

     1     Secure mode - system immutable and system append-only flags may not
           be turned off; disks for mounted filesystems, /dev/mem, and
	   /dev/kmem are read-only.

but this explanation is not very helpfull.


Jean-Pierre