* Randy Kunkee <[EMAIL PROTECTED]> [020228 01:17]:
> I just upgraded to 4.5-stable and it reset my securelevel to 2 and
> enabled. Of course, X would not come up, x86OpenConsole failed with
> this KDENABIO error. The documentation I found on this suggests two
> solutions, both of which advise using XDM. First, running XDM from
> /etc/ttys, did not work, producing the same error. The second one,
> running as a full daemon from /usr/local/etc/rc.d does work, as long as
> I add a short sleep to give XDM time to start before securelevel is
> changed by init after finishing the startup scripts. The downside of
> this is that if I ever abort XDM for some reason, I won't be able to
> restart it, nor will I be able to start X directly (and playing with
> XDM is enough fun in itself anyway).
No, the idea behind running XDM is that if that opens /dev/io before the
securelevel is raised, it will be allowed to keep it open.
Since xdm only starts once, you don't have trouble getting into an
X session once you log out like you would using startx.
> Perhaps I have a conflict of interest. I want to run X and be secure.
> Is running X such a big gaping security hole that I'm left with my
> current solution (to restart X, I must reboot!)?
In a word, yes. X needed direct access to /dev/io last time I looked.
> Is there no reasonable change that could be made to the OS to grant access
> to let the X server do its thing (ie. allow running startx) without
> disarming the securelevel feature completely?
There was a patch out about a year ago to use the 'aperture driver',
which basically opens a hole for X to squirt through.
Search the lists, not sure if it would apply to STABLE cleanly.
--
Be braver -- you can't cross a chasm in two small jumps.
Rasputin :: Jack of All Trades - Master of Nuns ::
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
