On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
> /usr/bin/Xorg is, and has been, setuid-root just about forever. I'm wondering whether there's any good reason for it to remain setuid-root.
[...]
> - Xorg is a giant attack surface. Without setuid-root, only users
>   sitting in front of the keyboard can try to attack it.
Like, for example:
http://lists.x.org/archives/xorg-announce/2014-January/002389.html
https://bugzilla.redhat.com/show_bug.cgi?id=1049569
Perhaps this is what got you thinking about this?
> Thoughts? If people are generally in favor, I'll submit a change proposal. Despite the fact that the change would be a one-liner, it seems like a systemwide change. (On a related note: what's the F21 change proposal submission deadline? I can't find it anywhere.)
No deadline yet -- go for it. You might also want to check into http://fedoraproject.org/wiki/Features/RemoveSETUID, which was a partially-successful effort to use capabilities instead of setuid across the system. (See for example /usr/bin/ping.)
However, that was about reducing from full setuid to what is effectively partial setuid (and see the discussion; it's only really meaningful in some cases). Removing the setuid bit entirely is new, as far as I know.