Correct.
>The problem is: X windows needs these calls, so if you forbid them in
>secure mode then bye bye X.
There are at least two solutions to this situation:
(1) GGI, the general graphics interface, puts a small amount of extra code
in kernel space so that programs using graphics (svgalib gam^H^H^Hprograms,
X servers, etc.) will no longer have to have special priviliges. See the
GGI link on http://synergy.caltech.edu/ for more info.
(2) Ted Ts'o <tytso@mit.edu> and others are working on implementing POSIX.6
privileges for Linux (POSIX.6 is now POSIX.1g or something like that;
I don't remember the exact letter) under which even in the absence of GGI
you could specify that certain programs can be trusted with I/O port access.
Please note that (1) and (2) are not at all mutually exclusive; I for one
would like to see both fully implemented.
-- Aaron Ucko (ucko@vax1.rockhurst.edu; finger for PGP public key) | Geek Code 3.1 [for explanation, finger hayden@mankato.msus.edu]: GCS/M/S/C d- s+: a18 C++(+++)>++++ UL++>+++ P++(+++) L+++(++++)>+++++ E- W+(-) N++(+) o+ K- w--- O M-@ V-(--) PS++(+++) PE- Y+ PGP(+) t(+) !5 X-- R(-) tv-@ b++(+++) DI+ D-- G++(+++) e>+++++(*) h!>+ r-(--)>+++ y? | "That's right," he said. "We're philosophers. We think, therefore we am." -- Terry Pratchett, _Small Gods_