/usr/bin/Xorg is, and has been, setuid-root just about forever. I'm wondering whether there's any good reason for it to remain setuid-root. Some arguments for setuid-root: - People who still use startx or similar scripts need it. - It's vaguely useful for testing xorg.conf changes. Some arguments for clearing the setuid-root bit: - People who use display managers (i.e. almost everyone) doesn't need it to be setuid-root. - Xorg is a giant attack surface. Without setuid-root, only users sitting in front of the keyboard can try to attack it. I suspect that most people would notice the difference if xorg-x11-server-Xorg got rid of the setuid-root bit. Another option would be to only let users in a new xorg group run Xorg and to keep it setuid-root. Thoughts? If people are generally in favor, I'll submit a change proposal. Despite the fact that the change would be a one-liner, it seems like a systemwide change. (On a related note: what's the F21 change proposal submission deadline? I can't find it anywhere.) --Andy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
