On Wed, Jan 8, 2014 at 5:45 PM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
>> /usr/bin/Xorg is, and has been, setuid-root just about forever. I'm
>> wondering whether there's any good reason for it to remain
>> setuid-root.
> [...]
>> - Xorg is a giant attack surface. Without setuid-root, only users
>> sitting in front of the keyboard can try to attack it.
>
> Like, for example:
>
> http://lists.x.org/archives/xorg-announce/2014-January/002389.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1049569
>
> Perhaps this is what got you thinking about this?
>
>> Thoughts? If people are generally in favor, I'll submit a change
>> proposal. Despite the fact that the change would be a one-liner, it
>> seems like a systemwide change.
>> (On a related note: what's the F21 change proposal submission
>> deadline? I can't find it anywhere.)
>
> No deadline yet -- go for it. You might also want to check into
> http://fedoraproject.org/wiki/Features/RemoveSETUID, which was a
> partially-successful effort to use capabilities instead of setuid across
> the system. (See for example /usr/bin/ping.)
>
> However, that was about reducing from full setuid to what is effectively
> partial setuid (and see the discussion; it's only really meaningful in some
> cases). Removing the setuid bit entirely is new, as far as I know.

Here it is:

https://fedoraproject.org/wiki/Changes/NonSetuidXorg

For amusement, try ssh-ing into a Fedora box that's sitting at the gdm
prompt and type 'X :1'. IMO screwing with the box like that should
require some kind of privilege for users who aren't in front of the
keyboard.

--Andy
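
Added example, not part of the original thread or of any Fedora tooling: an audit helper that reports which of the three states discussed above a binary is in (setuid bit, file capabilities as with /usr/bin/ping, or neither) by reading the mode bits and decoding the `security.capability` xattr. It assumes Linux; the function names and the sample xattr bytes are constructed for illustration.

```python
import os
import stat
import struct

# Subset of capability numbers from linux/capability.h; others print as cap_<n>.
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw", 17: "cap_sys_rawio",
             21: "cap_sys_admin", 26: "cap_sys_tty_config"}
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# xattr revision -> number of 32-bit words per capability set
WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_file_caps(raw):
    """Return (permitted capability names, effective flag) from a security.capability value."""
    (magic,) = struct.unpack_from("<I", raw, 0)
    words = WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None or len(raw) < 4 + 8 * words:
        raise ValueError("unrecognised or truncated security.capability value")
    permitted = 0
    for i in range(words):
        # Each word pair is (permitted, inheritable), little-endian.
        perm, _inheritable = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= perm << (32 * i)
    names = [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if permitted >> b & 1]
    return names, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def classify(path):
    """Describe how a binary obtains privilege: setuid bit, file capabilities, or neither."""
    st = os.stat(path)
    if st.st_mode & stat.S_ISUID:
        return "setuid-root" if st.st_uid == 0 else "setuid (uid %d)" % st.st_uid
    try:
        raw = os.getxattr(path, "security.capability")
    except OSError:  # no such xattr, or filesystem without xattr support
        return "unprivileged"
    names, effective = decode_file_caps(raw)
    return "file capabilities: %s%s" % (",".join(names), " (effective)" if effective else "")


# Constructed sample: a revision-2 xattr granting only cap_net_raw, effective bit set.
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000000 | 1, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE_XATTR))
    for p in ("/usr/bin/Xorg", "/usr/bin/ping"):  # paths named in the thread
        if os.path.exists(p):
            print(p, "->", classify(p))
```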