Re: Should /usr/bin/Xorg (still) be setuid-root?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 10, 2014 at 11:44 AM, Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
> Hi,
>
>
> On 01/09/2014 09:52 PM, Andrew Lutomirski wrote:
>>
>> On Thu, Jan 9, 2014 at 11:43 AM, Hans de Goede <hdegoede@xxxxxxxxxx>
>> wrote:
>>>
>>> Hi,
>>>
>>>
>>> On 01/09/2014 12:09 AM, Andrew Lutomirski wrote:
>>>>
>>>>
>>>> On Wed, Jan 8, 2014 at 2:58 PM, Peter Hutterer
>>>> <peter.hutterer@xxxxxxxxx>
>>>> wrote:
>>>>>
>>>>>
>>>>> On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
>>>>>>
>>>>>>
>>>>>> /usr/bin/Xorg is, and has been, setuid-root just about forever.  I'm
>>>>>> wondering whether there's any good reason for it to remain
>>>>>> setuid-root.
>>>>>
>>>>>
>>>>>
>>>>> http://fedoraproject.org/wiki/Changes/XorgWithoutRootRights
>>>>
>>>>
>>>>
>>>> This isn't actually the same thing.  That proposal suggests running
>>>> Xorg as a non-root user.  I'm proposing dropping the setuid bit on the
>>>> binary, which will have no effect on the uid of the running server.
>>>> (Of course, my suggestion will interact w/ that change, since the
>>>> process that starts Xorg will no longer be root.)
>>>
>>>
>>>
>>> I don't think that that will be very useful, it will likely cause more
>>> breakage then you think, as various display-managers may already start
>>> Xorg inside the user session, at which point the suid bit is needed,
>>> and as you already said it will break xinit and friends.
>>
>>
>> This is an empirical question :)  gdm on F20, at least, can still
>> switch users with the setuid bit cleared.  I'll try to test some more
>> display managers.
>
>
> Well starting X inside the user session is necessary for the systemd-logind
> integration I'm working on, which in turn is necessary to be able to
> completely
> run X without any root rights at all. So this quite likely is going to be
> how
> X will be started in F-21.
>
>
>> I hope it clears the bit -- I really don't like the fact that 'X :1'
>> screws with the display.
>
>
> I'm not sure yet if it will clear the bit, I'm pretty sure I can get things
> to work without any root rights for kms drivers (not 100% sure yet), but
> ums drivers will fail hard without the suid bit, the ums part of this
> needs some thinking (and needs me to dig up a card actually using it).
>
> I might end up deciding to just kill ums support and then see what happens,
> but I would rather not, and if I get enough pushback I might revert on
> such a decision :)

Once you add logind integration, there's another way -- write a tiny
setuid wrapper (or use some existing polkit mechanism) to allow users
in a console session to start Xorg as euid==0.  That wrapper could
even be called /usr/bin/Xorg :).  Presumably something like this (or
just real nonroot X support) will be needed for sane multi-seat
support anyway.

IOW, I don't think that Xorg needs to be any more special than, say, udisks.

--Andy
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux