DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th April 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default would machdep.allowaperture=0 be enough to disable X ?

Hi everybody !

Would 'machdep.allowaperture=0' be enough to disable X related files ?
I installed OpenBSD the usual way , with X enabled .. then decided to use the machine as an Xless server only ..

Thanks ..
Reply With Quote
  #2   (View Single Post)  
Old 4th April 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,886
Thanked 214 Times in 189 Posts
Default

Certainly. You will need the system to be in securitylevel 0 (single user mode) to effect the change to a running system.
Reply With Quote
  #3   (View Single Post)  
Old 4th April 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Hi jgimmi ! Thanks for the tip ..
you mean : 'sysctl kern.securlevel=0' ?
Reply With Quote
  #4   (View Single Post)  
Old 5th April 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

what if I want to *remove* all X related sets .. what's the procedure ?
Reply With Quote
  #5   (View Single Post)  
Old 5th April 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,930
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
what if I want to *remove* all X related sets ..
It will be far simpler to reinstall. However, if you insist, you could look at the contents of the X install sets, & script removal of each & every file, but you will need to reset machdep.allowaperture as well.

As an/the administrator to your system(s), you should be able to state at any time (with no reservation...) just what is/are the state of your system(s). Gutting the filesystem of major components by hand isn't foolproof.
Reply With Quote
  #6   (View Single Post)  
Old 5th April 2012
shep shep is offline
ISO Quartermaster
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 631
Thanked 9 Times in 9 Posts
Default

I am not able to find the reference but I believe that some of the base applications have been compiled with X dependencies - you can open up quite a can of worms.
Reply With Quote
  #7   (View Single Post)  
Old 5th April 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,930
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by shep View Post
I am not able to find the reference but I believe that some of the base applications have been compiled with X dependencies - you can open up quite a can of worms.
Section 15.4.1 may be what you are recalling, & knowing how daemonfowl likes to build his own ports, the warning needs to be emphasized:
Code:
Another common failure is a missing X11 installation. Even if the port you try to
build has no direct dependency on X11, a subpackage of it or its dependencies
may require X11 headers and libraries. Building ports on systems without X11 is
not supported, so if you insist on doing so, you are on your own to figure it 
out. For many ports, there are, however, "no_x11" flavored packages available, 
which you can install without needing X11 on your system.
Reply With Quote
  #8   (View Single Post)  
Old 5th April 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Ocicat , thanks you so much !
smart of you to quote the section .. it helped me decide once for all to never think of excluding X sets .. :-) ..
Thanks Shep ! your point was productive
I love this BSD-Lore Cradle called DaemonForums ..
Reply With Quote
  #9   (View Single Post)  
Old 5th April 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,886
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
Hi jgimmi ! Thanks for the tip ..
you mean : 'sysctl kern.securlevel=0' ?
securelevel (7), init(8)
Reply With Quote
Old 6th April 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Thank you @jgimmi !
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disable the pc speaker (beep)? aleunix OpenBSD General 2 11th March 2012 03:53 PM
How to disable touchpad gpatrick OpenBSD General 3 4th March 2012 03:36 PM
value of machdep.allowaperture for openbox sepuku OpenBSD General 6 4th July 2011 12:04 AM
vesafb driver with machdep.allowaperture=0 bruguiea OpenBSD General 4 19th October 2010 09:20 PM
Disable Ctrl+Alt+Backspace There0 OpenBSD General 9 1st January 2010 02:38 AM


All times are GMT. The time now is 08:13 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick