A quick question about X11 and securelevels

Roland Smith rsmith at xs4all.nl
Sun Aug 28 09:44:54 GMT 2005

On Sun, Aug 28, 2005 at 12:59:36PM +0400, Dmitry Mityugov wrote:
> On 8/28/05, Tom Norris <tom at trancegeek.net> wrote:
> > I understand the things like not allowing the system clock to change and
> > not allowing formatting of filesystems, but I want to know why you can't
> > run x11 when you have a securelevel greater than or equal to one.  there
> > is no _serious_ reason I wish to know, I'm just curious and google keeps
> > feeding me tutorials on making my FreeBSD machine furiously hard to
> > crack.  :)

A securelevel >0 prevents /dev/mem and /dev/io to be opened for
writing. X need to write to these devices.
> Not an exact answer to your question, but securelevel does not
> prohibit you from runnung X if it is set after X started (from one of
> .x... files in your home directory instead of rc.conf perhaps?)

The security level is set with sysctl (kern.securelevel). You must be
root to set it.

R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050828/81352611/attachment.bin

More information about the freebsd-questions mailing list