Should /usr/bin/Xorg (still) be setuid-root?

Peter Hutterer peter.hutterer at
Wed Jan 8 22:58:00 UTC 2014

On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
> /usr/bin/Xorg is, and has been, setuid-root just about forever.  I'm
> wondering whether there's any good reason for it to remain
> setuid-root.


> Some arguments for setuid-root:
>  - People who still use startx or similar scripts need it.
>  - It's vaguely useful for testing xorg.conf changes.
> Some arguments for clearing the setuid-root bit:
>  - People who use display managers (i.e. almost everyone) doesn't need
> it to be setuid-root.
>  - Xorg is a giant attack surface.  Without setuid-root, only users
> sitting in front of the keyboard can try to attack it.
> I suspect that most people would notice the difference if
> xorg-x11-server-Xorg got rid of the setuid-root bit.
> Another option would be to only let users in a new xorg group run Xorg
> and to keep it setuid-root.
> Thoughts?  If people are generally in favor, I'll submit a change
> proposal.  Despite the fact that the change would be a one-liner, it
> seems like a systemwide change.
> (On a related note: what's the F21 change proposal submission
> deadline?  I can't find it anywhere.)
> --Andy
> -- 
> devel mailing list
> devel at
> Fedora Code of Conduct:

More information about the devel mailing list