Should /usr/bin/Xorg (still) be setuid-root?
Andrew Lutomirski
luto at mit.edu
Wed Jan 8 21:14:08 UTC 2014
/usr/bin/Xorg is, and has been, setuid-root just about forever. I'm
wondering whether there's any good reason for it to remain
setuid-root.
Some arguments for setuid-root:
- People who still use startx or similar scripts need it.
- It's vaguely useful for testing xorg.conf changes.
Some arguments for clearing the setuid-root bit:
- People who use display managers (i.e. almost everyone) doesn't need
it to be setuid-root.
- Xorg is a giant attack surface. Without setuid-root, only users
sitting in front of the keyboard can try to attack it.
I suspect that most people would notice the difference if
xorg-x11-server-Xorg got rid of the setuid-root bit.
Another option would be to only let users in a new xorg group run Xorg
and to keep it setuid-root.
Thoughts? If people are generally in favor, I'll submit a change
proposal. Despite the fact that the change would be a one-liner, it
seems like a systemwide change.
(On a related note: what's the F21 change proposal submission
deadline? I can't find it anywhere.)
--Andy
More information about the devel
mailing list