On 08/06/2009 01:26 AM, Dave Airlie wrote: > On Mon, 2009-08-03 at 15:08 +0530, Rahul Sundaram wrote: >> Hi >> >> A few days back I ran into >> >> http://lists.x.org/archives/xorg-devel/2009-July/001293.html >> >> I am wondering, since we are already using KMS in most places in Fedora, >> how far are we from achieving this by default in a Fedora release? > > non-root X is a big security hole at the moment, and until we get > revoke() support in the kernel, we can probably move X to running as a > special user, and maybe once we get revoke to running as the real user. > > However it doesn't solve the issue how we know we need or don't need > root since X only figures out what graphics drivers are needed after > starting, so if you needed a non-kms gpu driver we wouldn't know > until after we'd started as non-root. > > Dave. > Why can't we just start as root or with the setuid bit, and use the standard set*uid() calls to drop what we don't need once we know what we're doing? --CJD -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
