Message-ID: <4DB31F6F.9090209@msgid.tls.msk.ru>
Date: Sat, 23 Apr 2011 22:50:23 +0400
From: Michael Tokarev <mjt@....msk.ru>
To: owl-dev@...ts.openwall.com
Subject: Re: GSoC: overview of grsecurity and -ow patches

Just a quick note, maybe only somewhat related to the whole message.

23.04.2011 18:25, Vasiliy Kulikov wrote:
[]
> GRKERNSEC_KMEM [-]
> "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
> GRKERNSEC_IO [-]
> "Disable privileged I/O"
>
> These look like a securelevel, which is not native in Linux.
> /dev/kmem is already configurable via CONFIG_DEVKMEM. X Server wants
> ioperm anyway, and they are already limited in containers.

X server is very different nowadays, it does not program hardware
directly, only kernel component does that (kms aka kernel mode
setting). For major graphics cards (nvidia, radeon and intel)
UMS (user mode setting) is not supported anymore, it is only
supported for old obsolete graphics for which no KMS driver is
written.

Basically, with KMS, X server does not need any additional
privileges. But in 2.6.32 kernel graphics support is too limited
still to be useful for real X usage - for modern cards anyway.

JFYI.

/mjt