author | christos <christos> | 2006-03-07 23:14:39 +0000 |
---|---|---|
committer | christos <christos> | 2006-03-07 23:14:39 +0000 |
commit | 6af9611bfeaf652ba61fcb9d3aa08d2cf7fbc921 (patch) | |
tree | 2fe55a0f06e255d0002e402ec591c3d5cfdb8229 /sysutils | |
parent | 1d817c719b653c30b8465b690f5cbc889b118ef2 (diff) | |
Don't give people a false sense of security.
Diffstat (limited to 'sysutils')
-rw-r--r-- | sysutils/aperture/MESSAGE | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/sysutils/aperture/MESSAGE b/sysutils/aperture/MESSAGE index ef16e5512a1..425bdd21861 100644 --- a/sysutils/aperture/MESSAGE +++ b/sysutils/aperture/MESSAGE @@ -1,5 +1,5 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.1 2002/01/27 19:31:59 jlam Exp $ +$NetBSD: MESSAGE,v 1.2 2006/03/07 23:14:39 christos Exp $ Add the following line to /etc/lkm.conf: @@ -9,5 +9,22 @@ and set: lkm=YES -in /etc/rc.conf. Then, reboot your system. +in /etc/rc.conf. Then, /etc/rc.d/lkm3 restart + +************************** +**** SECURITY WARNING **** +************************** + +Please note that use of this driver only raises the bar somewhat +on breaking the securelevel abstraction. Loading this driver provides +the opening process with access to various things that can write +anywhere in memory (such as DMA engines, frame-buffer paint engines, +SMM). While one has to write a little more code to aim these memory +writers at the securelevel variable in kernel memory, it is not really +difficult to do so. Finally the fact that only one process can have +/dev/xf86 open at a time does not win much since root can kill it +at anytime and start another process. This exploit has to do with +root being able to change the security level and do things it could +not do before. + =========================================================================== |
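Review bot: In the SECURITY WARNING block of the second hunk, the closing sentence "This exploit has to do with root being able to change the security level and do things it could not do before" refers to an exploit the text never names, and the warning never tells the reader what to conclude. Suggest replacing it with a direct statement of the consequence, for example that with this driver loaded securelevel should not be relied on to restrain root. In the same hunk, "Then, /etc/rc.d/lkm3 restart" has no verb and reads as a fragment ("Then run /etc/rc.d/lkm3 restart" would do), "at anytime" should be "at any time", and SMM is worth expanding to System Management Mode on first use.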