[cap-talk] "Security Issues related to Pentium System Management Mode"
Jim Dennis
jimd at starshine.org
Tue May 9 19:45:17 EDT 2006
On Thu, May 04, 2006 at 11:25:50PM -0700, John Carlson wrote:
> I just confirmed that XDarwin is NOT setuid root, it runs as
> my normal user.
> Sounds like it's time to move away from Linux, to the super-secure
> MacOSX on intel. LOL! I recently discovered that if you download
> the developer's kit, it opens up a port on your machine, to shut off
> the port, you have to download even more software. growl.
> John
I'm not completely sure on this, but I seem to recall that with X.org and
XFree86 drivers the code must run as root to gain access to the ioperm()
and iopl() system calls.
If they were confined to using framebuffer interfaces (using mmap on
device nodes under /dev/) then these X servers could/can run as non-root
(given appropriate permissions on the appropriate /dev/* nodes).
I suspect that XDarwin only supports framebuffer interfaces.
--
Jim Dennis
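
An added example, not part of the original message: a small Linux C probe that contrasts the two access paths the post describes, the privilege-gated ioperm() call and the file-permission-gated open()/mmap() on a device node. The port number 0x3c0 (VGA register range) and the node /dev/fb0 are illustrative assumptions, and all function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__))
#include <sys/io.h>          /* ioperm() only exists for x86 port I/O */
#define HAVE_IOPERM 1
#endif

enum verdict { GRANTED, DENIED, ABSENT, UNSUPPORTED };

/* Map a syscall result to a verdict an auditor can act on. */
static enum verdict classify(int rc, int err) {
    if (rc == 0) return GRANTED;
    if (err == EPERM || err == EACCES) return DENIED;
    if (err == ENOENT || err == ENODEV || err == ENXIO) return ABSENT;
    return UNSUPPORTED;
}

/* Privilege path: ioperm() is gated by CAP_SYS_RAWIO, not by file modes. */
enum verdict probe_ioperm(unsigned long port) {
#ifdef HAVE_IOPERM
    int rc = ioperm(port, 1, 1);
    int err = errno;
    if (rc == 0) ioperm(port, 1, 0);      /* give the port grant back */
    return classify(rc, err);
#else
    (void)port;
    return UNSUPPORTED;
#endif
}

/* File path: open + mmap of a node, gated by its owner, group and mode. */
enum verdict probe_mmap_node(const char *path) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int fd = open(path, O_RDWR);
    if (fd < 0) return classify(-1, errno);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int err = errno;
    close(fd);
    if (p == MAP_FAILED) return classify(-1, err);
    munmap(p, page);
    return GRANTED;
}

int main(void) {
    static const char *names[] = { "granted", "denied", "absent", "unsupported" };
    printf("ioperm(0x3c0): %s\n", names[probe_ioperm(0x3c0)]);
    printf("mmap /dev/fb0: %s\n", names[probe_mmap_node("/dev/fb0")]);
    return 0;
}
```

Run as an unprivileged user, a "granted" result on the second line with "denied" on the first means the display path needs only device-node permissions, so a server limited to it has no need for root.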