Re: non root X

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/06/2009 01:26 AM, Dave Airlie wrote:
> On Mon, 2009-08-03 at 15:08 +0530, Rahul Sundaram wrote:
>> Hi
>>
>> A few days back I ran into
>>
>> http://lists.x.org/archives/xorg-devel/2009-July/001293.html
>>
>> I am wondering, since we are already using KMS in most places in Fedora,
>> how far are we from achieving this by default in a Fedora release?
> 
> non-root X is a big security hole at the moment, and until we get
> revoke() support in the kernel, we can probably move X to running as a
> special user, and maybe once we get revoke to running as the real user.
> 
> However it doesn't solve the issue how we know we need or don't need
> root since X only figures out what graphics drivers are needed after
> starting, so if you needed a non-kms gpu driver we wouldn't know
> until after we'd started as non-root.
> 
> Dave.
> 

Why can't we just start as root or with the setuid bit, and use the standard set*uid() calls to drop what we don't need once we know what we're doing?

--CJD

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux