Re: non root X

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2009-08-06 at 01:36 -0400, Ben Boeckel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Dave Airlie wrote:
> 
> > On Mon, 2009-08-03 at 15:08 +0530, Rahul Sundaram wrote:
> >> Hi
> >> 
> >> A few days back I ran into
> >> 
> >> http://lists.x.org/archives/xorg-devel/2009-July/001293.html
> >> 
> >> I am wondering, since we are already using KMS in most places 
> in Fedora,
> >> how far are we from achieving this by default in a Fedora 
> release?
> > 
> > non-root X is a big security hole at the moment, and until we 
> get
> > revoke() support in the kernel, we can probably move X to 
> running as a
> > special user, and maybe once we get revoke to running as the 
> real user.
> > 
> > However it doesn't solve the issue how we know we need or 
> don't need
> > root since X only figures out what graphics drivers are needed 
> after
> > starting, so if you needed a non-kms gpu driver we wouldn't 
> know
> > until after we'd started as non-root.
> > 
> > Dave.
> > 
> 
> Could permissions be raised temporarily? PolicyKit with 
> (defaulted) auto-approve to load an appropriate driver?


Maybe we could do something with SELinux, but I don't think
we can do anything without getting revoke. or maybe some
process capabilties if such things worked.

Dave.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux