non root X

Casey Dahlin cdahlin at redhat.com
Mon Aug 10 17:01:43 UTC 2009


On 08/07/2009 05:47 PM, Dave Airlie wrote:
> On Fri, 2009-08-07 at 16:42 -0400, Casey Dahlin wrote:
>> On 08/06/2009 01:26 AM, Dave Airlie wrote:
>>> On Mon, 2009-08-03 at 15:08 +0530, Rahul Sundaram wrote:
>>>> Hi
>>>>
>>>> A few days back I ran into
>>>>
>>>> http://lists.x.org/archives/xorg-devel/2009-July/001293.html
>>>>
>>>> I am wondering, since we are already using KMS in most places in Fedora,
>>>> how far are we from achieving this by default in a Fedora release?
>>> non-root X is a big security hole at the moment, and until we get
>>> revoke() support in the kernel, we can probably move X to running as a
>>> special user, and maybe once we get revoke to running as the real user.
>>>
>>> However it doesn't solve the issue of how we know we need or don't need
>>> root since X only figures out what graphics drivers are needed after
>>> starting, so if you needed a non-kms gpu driver we wouldn't know
>>> until after we'd started as non-root.
>>>
>>> Dave.
>>>
>> Why can't we just start as root or with the setuid bit, and use the standard set*uid() calls to drop what we don't need once we know what we're doing?
>>
> 
> We have to undo some stuff when X exits.
> 
> Dave.
> 
> 

I meant start as setuid, then determine if root was necessary at all. If it is, keep running as root for the duration. If not, drop privileges.

--CJD
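
The approach proposed in the message above (start setuid, decide whether root is needed, drop privileges if not), as an added example that is not part of the original post and is not X server code. It assumes a setuid-root binary and uses only POSIX calls; `settle_privileges` and its `driver_needs_root` argument are hypothetical stand-ins for the server's driver probe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently become uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t old_egid = getegid();

    if (uid == 0)
        return -1;  /* started by real root: no unprivileged identity to drop to */

    /* Group first: once the uid is gone we may no longer change the gid.
     * A setuid binary already carries the invoking user's supplementary
     * groups, so those are left alone here. */
    if (setgid(gid) != 0)
        return -1;
    /* When the caller is privileged this sets real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify instead of trusting return codes: the ids must match ... */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* ... and regaining the old identity must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (old_egid != gid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* driver_needs_root: result of a hypothetical driver probe (assumption).
 * Returns 1 if root is kept, 0 if dropped, -1 if the drop failed. */
int settle_privileges(int driver_needs_root)
{
    if (driver_needs_root)
        return 1;
    return drop_privileges(getuid(), getgid()) == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{
    int needs_root = (argc > 1 && atoi(argv[1]) != 0);  /* stand-in for the probe */
    int r = settle_privileges(needs_root);
    if (r < 0) { fprintf(stderr, "privilege drop failed, exiting\n"); return 1; }
    printf("%s\n", r ? "keeping root" : "running unprivileged");
    return 0;
}
```

A failed drop is treated as fatal rather than continuing with whatever privileges remain.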



