> As indicated here:
> https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights
>
> I'm working on making the X server run as a regular user. I actually have
> this pretty much working.
>
> So now it is time to start looking into some of the corner cases, or rather
> at the elephant in the room. What about non-kms drivers? We still have the
> vesa driver around as most prominent example, and this is useful for some
> oddball cards and for cards which are too new.
>
> I would like to not break the vesa driver, while still killing the suid bit
> on the X server.
>
> I'm currently thinking about implementing the following solution:
>
> 1) Make the X server a regular binary without any special rights
>
> 2) Implement a small suid root wrapper which gets the Xorg name and
>    launches the real Xorg binary.
>
>    This wrapper will search for kms capable cards and if one is found drop
>    all root rights before executing the real Xorg binary. If no kms capable
>    cards are found it will execute the real Xorg binary with root rights.
>
> 3) Put this wrapper in a separate package, make it part of comps so it
>    will get installed by default, but don't depend on it in any packages
>    so that security sensitive users can simply do
>    "rpm -e xorg-x11-server-suid-helper"
>
> I'm not 100% sold on my own idea yet. The whole idea of dropping the suid
> bit is to remove the rather large attack surface the xserver offers. With
> the helper for people running kms that attack surface is reduced to a quite
> small, easily audited helper. But for people without kms nothing changes. On
> x86 most users will fall in the with kms category, but what about i.e. ARM?

At the moment on ARM most devices that have X use the xorg-x11-drv-modesetting driver, which I believe uses the KMS kernel drivers, so I'm presuming we'll be OK on that front.

The other two that are in use are xorg-x11-drv-armsoc (currently supported via the DRM_EXYNOS module, in theory can support other Mali GPUs) and xorg-x11-drv-omap (DRM_OMAP), which I believe also use the equivalent KMS drivers, but I might be wrong there.

Moving forward I can't see any new ARM devices not supporting KMS, as I doubt they'll get accepted into the mainline kernel without it.

Peter