Why does X run as root?
Matthew Miller
mattdm at mattdm.org
Mon Aug 23 17:16:16 UTC 2010
On Fri, Aug 20, 2010 at 09:24:42PM +0200, Till Maas wrote:
> > On Thu, Aug 19, 2010 at 06:49:33PM +0100, Matthew Garrett wrote:
> > > > I think "run X as user Xorg if you're on KMS" would be a fine
> > > > F15Feature to aim for. Ubuntu's been working on it too:
> > > Of course, doing so just turns it from "Running code as X gives you
> > > root" to "Running code as X gives you root the moment someone types in a
> > > root password, even if they're on a different terminal". I accept that
> > This sounds like yet another good argument for removing the need to ever
> > type a root password.
> How does this make it better? Then someone would spy on the user password of
> someone with sudo capabilities.
If sudo is configured to give root access with the user password with no
further restrictions, you're right. But it opens the doors to other
possibilities, like requiring kerberos or key- or cert-based authentication
for login. I know it's not feasible for most end-user desktops, but here we
use two-factor authentication tokens for administrative access.
--
Matthew Miller <mattdm at mattdm.org>
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences
More information about the devel
mailing list