On Fri, Jan 10, 2014 at 11:44 AM, Hans de Goede <hdegoede@xxxxxxxxxx> wrote: > Hi, > > > On 01/09/2014 09:52 PM, Andrew Lutomirski wrote: >> >> On Thu, Jan 9, 2014 at 11:43 AM, Hans de Goede <hdegoede@xxxxxxxxxx> >> wrote: >>> >>> Hi, >>> >>> >>> On 01/09/2014 12:09 AM, Andrew Lutomirski wrote: >>>> >>>> >>>> On Wed, Jan 8, 2014 at 2:58 PM, Peter Hutterer >>>> <peter.hutterer@xxxxxxxxx> >>>> wrote: >>>>> >>>>> >>>>> On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote: >>>>>> >>>>>> >>>>>> /usr/bin/Xorg is, and has been, setuid-root just about forever. I'm >>>>>> wondering whether there's any good reason for it to remain >>>>>> setuid-root. >>>>> >>>>> >>>>> >>>>> http://fedoraproject.org/wiki/Changes/XorgWithoutRootRights >>>> >>>> >>>> >>>> This isn't actually the same thing. That proposal suggests running >>>> Xorg as a non-root user. I'm proposing dropping the setuid bit on the >>>> binary, which will have no effect on the uid of the running server. >>>> (Of course, my suggestion will interact w/ that change, since the >>>> process that starts Xorg will no longer be root.) >>> >>> >>> >>> I don't think that that will be very useful, it will likely cause more >>> breakage then you think, as various display-managers may already start >>> Xorg inside the user session, at which point the suid bit is needed, >>> and as you already said it will break xinit and friends. >> >> >> This is an empirical question :) gdm on F20, at least, can still >> switch users with the setuid bit cleared. I'll try to test some more >> display managers. > > > Well starting X inside the user session is necessary for the systemd-logind > integration I'm working on, which in turn is necessary to be able to > completely > run X without any root rights at all. So this quite likely is going to be > how > X will be started in F-21. > > >> I hope it clears the bit -- I really don't like the fact that 'X :1' >> screws with the display. > > > I'm not sure yet if it will clear the bit, I'm pretty sure I can get things > to work without any root rights for kms drivers (not 100% sure yet), but > ums drivers will fail hard without the suid bit, the ums part of this > needs some thinking (and needs me to dig up a card actually using it). > > I might end up deciding to just kill ums support and then see what happens, > but I would rather not, and if I get enough pushback I might revert on > such a decision :) Once you add logind integration, there's another way -- write a tiny setuid wrapper (or use some existing polkit mechanism) to allow users in a console session to start Xorg as euid==0. That wrapper could even be called /usr/bin/Xorg :). Presumably something like this (or just real nonroot X support) will be needed for sane multi-seat support anyway. IOW, I don't think that Xorg needs to be any more special than, say, udisks. --Andy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
