Should /usr/bin/Xorg (still) be setuid-root?

Matthew Miller mattdm at fedoraproject.org
Thu Jan 9 01:45:07 UTC 2014


On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
> /usr/bin/Xorg is, and has been, setuid-root just about forever.  I'm
> wondering whether there's any good reason for it to remain
> setuid-root.
[...]
>  - Xorg is a giant attack surface.  Without setuid-root, only users
> sitting in front of the keyboard can try to attack it.

Like, for example:

  http://lists.x.org/archives/xorg-announce/2014-January/002389.html
  https://bugzilla.redhat.com/show_bug.cgi?id=1049569

Perhaps this is what got you thinking about this?

> Thoughts?  If people are generally in favor, I'll submit a change
> proposal.  Despite the fact that the change would be a one-liner, it
> seems like a systemwide change.
> (On a related note: what's the F21 change proposal submission
> deadline?  I can't find it anywhere.)

No deadline yet -- go for it. You might also want to check into
http://fedoraproject.org/wiki/Features/RemoveSETUID, which was a
partially-successful effort to use capabilities instead of setuid across
the system. (See for example /usr/bin/ping.)

However, that was about reducing from full setuid to what is effectively
partial setuid (and see the discussion; it's only really meaningful in some
cases). Removing the setuid bit entirely is new, as far as I know.

-- 
Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>


More information about the devel mailing list