Hi All, As indicated here: https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights I'm working on making the X server run as a regular user. I actually have this pretty much working. So now it is time to start looking into some of the corner cases, or rather at the elephant in the room. What about non-kms drivers. We still have the vesa driver around as most prominent example, and this is useful for some oddball cards and for cards which are too new. I would like to not break the vesa driver, while still killing the suid bit on the X server. I'm currently thinking about implementing the following solution: 1) Make the X server a regular binary without any special rights 2) Implement a small suid root wrapper which gets the Xorg name and launches the real Xorg binary. This wrapper will search for kms capable cards and if one is found drop all root rights before executing the real Xorg binary. If no kms capable cards are found it will execute the real Xorg binary with root rights. 3) Put this wrapper in a separate package, make it part of comps so it will get installed by default, but don't depend on it in any packages so that security sensitive users can simply do "rpm -e xorg-x11-server-suid-helper" I'm not 100% sold on my own idea yet. The whole idea of dropping the suid bit is to remove the rather large attack surface the xserver offers. With the helper for people running kms that attack surface is reduced to a quite small, easily audited helper. But for people without kms nothing changes. On x86 most users will fall in the with kms category, but what about ie ARM? Regards, Hans -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
