Starting X11 with kernel secure level greater than -1/0.
    ian ivy 
    sidetripping at gmail.com
       
    Thu Nov 17 18:19:26 UTC 2011
    
    
  
Thanks Jason. Of course opening (or doing whatever with) mem, kmem etc.
is a security flaw. A fatal flaw. I thought that OpenBSD team has done nice
work to achieve a compromise between security and the use of X and
it could be done with FreeBSD.
I already have implemented some of MAC's policies (e.g. mac_seeotheruids),
and a couple of sysctl's options, but for now, it is implemented for
various testing.
I have to read a lot more on these topics. :-)
Kernel without BPF? OK! But not for now - I need to have DHCP upon startup
for some time yet.! :-)
Best regards!
    
    
More information about the freebsd-security
mailing list