Xorg & xdm & securelevels
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Thu Dec 23 18:01:54 PST 2004
Mark <mark at darklogik.org> writes:
> I would like to push my securelevel up to 1 in order to better enforce
> my security policy (protecting chflags, kernel modules etc) but this
> of course would break Xorg as it requires access to /dev/io. I've
> heard that it's possible to run Xorg via xdm whilst the system is
> booting at securelevel 0 and have the securelevel raised afterwards,
> effectively allowing X to live in a securelevel > 0 environment.
Sure. I don't bother for my own machines, because I'm very careful
about authentication methods, but it's certainly
> How painful is this to implement? Am I likely to run into any
> major problems?
It's trivial to implement, and will work fine.
If I remember correctly, setting the securelevel by the normal rc.conf
method and enabling xdm from ttys(5) should do it.
> I've also heard that it's possible to remove the SUID bit from X
> by using xdm, but that's probably for another thread...
Yep, completely different topic.
It's true that it's possible, but if you're in a raised securelevel,
it's also not going to gain you much.
More information about the freebsd-questions
mailing list