On Wed, Jun 12, 2019 at 06:20:55PM +0200, Stephane HUC "PengouinBSD" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > In the french documentation on obsd4a's wiki, I wrote: > > "When to add this option? > When you see into xorg.log: > $ head /var/log/Xorg.0.log > [ 33.839] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem > (Operation not permitted) > Check that you have set 'machdep.allowaperture=1' > in /etc/sysctl.conf and reboot your machine > refer to xf86(4) for details > (...) > " > It's right? > > You mention security risks and others problems. > Which? > Could you explain simply, please?
Well, duh. allowaperture allows you to open the graphics device, which was the old model prior to intel graphics and more. *if* X + inteldrm no longer needs the graphics device, it does not open it. ... but it's still around. ... and allowaperture means some program could possibly still open it, thus gaining low-level access to some part of the graphics card. The attack surface of graphics hardware being huge, it's likely you can still do harm through that backdoor.
