author: christos <christos> 2006-03-07 23:14:39 +0000
committer: christos <christos> 2006-03-07 23:14:39 +0000
commit: 6af9611bfeaf652ba61fcb9d3aa08d2cf7fbc921
tree: 2fe55a0f06e255d0002e402ec591c3d5cfdb8229 /sysutils
parent: 1d817c719b653c30b8465b690f5cbc889b118ef2
Don't give people a false sense of security.
Diffstat (limited to 'sysutils')
-rw-r--r-- sysutils/aperture/MESSAGE 21
1 files changed, 19 insertions, 2 deletions
diff --git a/sysutils/aperture/MESSAGE b/sysutils/aperture/MESSAGE
index ef16e5512a1..425bdd21861 100644
--- a/sysutils/aperture/MESSAGE
+++ b/sysutils/aperture/MESSAGE
@@ -1,5 +1,5 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.1 2002/01/27 19:31:59 jlam Exp $
+$NetBSD: MESSAGE,v 1.2 2006/03/07 23:14:39 christos Exp $
Add the following line to /etc/lkm.conf:
@@ -9,5 +9,22 @@ and set:
lkm=YES
-in /etc/rc.conf. Then, reboot your system.
+in /etc/rc.conf. Then, /etc/rc.d/lkm3 restart
+
+**************************
+**** SECURITY WARNING ****
+**************************
+
+Please note that use of this driver only raises the bar somewhat
+on breaking the securelevel abstraction. Loading this driver provides
+the opening process with access to various things that can write
+anywhere in memory (such as DMA engines, frame-buffer paint engines,
+SMM). While one has to write a little more code to aim these memory
+writers at the securelevel variable in kernel memory, it is not really
+difficult to do so. Finally the fact that only one process can have
+/dev/xf86 open at a time does not win much since root can kill it
+at anytime and start another process. This exploit has to do with
+root being able to change the security level and do things it could
+not do before.
+
===========================================================================
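Review bot: The new instruction line "in /etc/rc.conf. Then, /etc/rc.d/lkm3 restart" is a sentence fragment with no verb, so a reader cannot tell it is a command to run; suggest "Then run: /etc/rc.d/lkm3 restart" with the command on its own line. In the warning text, the closing sentence "This exploit has to do with root being able to change the security level" refers to "this exploit" without an antecedent, since the preceding sentences describe a capability rather than name an exploit. It would read more clearly as a direct statement of the risk, for example that root, through the devices reachable via /dev/xf86, can change the securelevel and do things it could not do before. The warning also stops at describing the exposure; a final sentence saying that the driver should not be loaded on systems that rely on securelevel would tell the reader what to do with the information. Minor: "at anytime" should be "at any time".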