Should /usr/bin/Xorg (still) be setuid-root?
mattdm at fedoraproject.org
Thu Jan 9 01:45:07 UTC 2014
On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
> /usr/bin/Xorg is, and has been, setuid-root just about forever. I'm
> wondering whether there's any good reason for it to remain
> - Xorg is a giant attack surface. Without setuid-root, only users
> sitting in front of the keyboard can try to attack it.
Like, for example:
Perhaps this is what got you thinking about this?
> Thoughts? If people are generally in favor, I'll submit a change
> proposal. Despite the fact that the change would be a one-liner, it
> seems like a systemwide change.
> (On a related note: what's the F21 change proposal submission
> deadline? I can't find it anywhere.)
No deadline yet -- go for it. You might also want to check into
http://fedoraproject.org/wiki/Features/RemoveSETUID, which was a
partially-successful effort to use capabilities instead of setuid across
the system. (See for example /usr/bin/ping.)
However, that was about reducing from full setuid to what is effectively
partial setuid (and see the discussion; it's only really meaningful in some
cases). Removing the setuid bit entirely is new, as far as I know.
Matthew Miller -- Fedora Project -- <mattdm at fedoraproject.org>
More information about the devel