Hi Theo,

On 2006.03.14, at 9:41 PM, Theo de Raadt wrote:
Well, recently we have changed our minds, because we still feel that the aperture is too dangerous. And the vendors keep finding creative ways to squeeze more and more evil into their video cards! Please be aware that other operating systems don't even have an aperture device, because they simply let root processes talk to the video cards (via /dev/mem). Their X servers also run entirely as root, while ours is now privilege separated and running jailed as user _x11. Even so, our privilege separated X server is talking directly to the IO registers of a video card with much evil in it. And many newer video cards are very smart, capable, and thus dangerous. So we have concerns.
Are these new programmable cards capable of reading main memory, which OpenBSD would not be able to prevent if machdep.allowaperture were set to something other than 0?
Shane