[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Aperture, security

To: Peter Fairbrother <zenadsl6186@zen.co.uk>
Subject: Re: Aperture, security
From: Matthieu Herrb <matthieu.herrb@wanadoo.fr>
Date: Mon, 17 Jun 2002 08:03:48 +0200
Cc: <misc@openbsd.org>
References: <15628.60207.175902.276635@harvest.herrb.com> <B932F85B.1F8DA%zenadsl6186@zen.co.uk>

Peter Fairbrother wrote (in a message from Monday 17)
 > 
 > Thanks for the reply. I *have* to use X, and was wondering if there was a
 > known way to eliminate that risk.

Use better designed hardware, like sparc, or macppc. On sparc the
aperture driver is not used at all, on macppc or sparc64 it only gives
access to the video card's memory. 

You can also try to adapt the sparc64 vgafb driver to i386 if you
don't want to support ISA/VLB VGA cards (or buggy earlier PCI cards
that forgot to claim some of their memory space in PCI configuration
registers).

 > > start the X server with the '-nolisten tcp' option (either from
 > > /etc/X11/xdm/Xservers, or using a .xserverrc with startx). See the
 > > Xserver(1) man page for details.
 > 
 > Thanks, I should have thought of that. I'd still like to remove the code
 > that permits that function, rather than just switching it off.

You can  '#define ConnectionFlags -DUNIXCONN' in host.def, and
rebuild X. It may need some tweaks to compile though. 



					Matthieu

Follow-Ups:
- Re: Aperture, security
  - From: Peter Fairbrother <zenadsl6186@zen.co.uk>

References:
- Re: Aperture, security
  - From: Matthieu Herrb <matthieu.herrb@wanadoo.fr>
- Re: Aperture, security
  - From: Peter Fairbrother <zenadsl6186@zen.co.uk>

Prev by Date: preventing stop condition
Next by Date: Re: ipsec, nat and mtu problem in 3.1
Prev by thread: Re: Aperture, security
Next by thread: Re: Aperture, security
Index(es):
- Date
- Thread