Should /usr/bin/Xorg (still) be setuid-root?
Hans de Goede
hdegoede at redhat.com
Fri Jan 10 19:44:32 UTC 2014
On 01/09/2014 09:52 PM, Andrew Lutomirski wrote:
> On Thu, Jan 9, 2014 at 11:43 AM, Hans de Goede <hdegoede at redhat.com> wrote:
>> On 01/09/2014 12:09 AM, Andrew Lutomirski wrote:
>>> On Wed, Jan 8, 2014 at 2:58 PM, Peter Hutterer <peter.hutterer at who-t.net>
>>>> On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote:
>>>>> /usr/bin/Xorg is, and has been, setuid-root just about forever. I'm
>>>>> wondering whether there's any good reason for it to remain
>>> This isn't actually the same thing. That proposal suggests running
>>> Xorg as a non-root user. I'm proposing dropping the setuid bit on the
>>> binary, which will have no effect on the uid of the running server.
>>> (Of course, my suggestion will interact w/ that change, since the
>>> process that starts Xorg will no longer be root.)
>> I don't think that that will be very useful, it will likely cause more
>> breakage then you think, as various display-managers may already start
>> Xorg inside the user session, at which point the suid bit is needed,
>> and as you already said it will break xinit and friends.
> This is an empirical question :) gdm on F20, at least, can still
> switch users with the setuid bit cleared. I'll try to test some more
> display managers.
Well starting X inside the user session is necessary for the systemd-logind
integration I'm working on, which in turn is necessary to be able to completely
run X without any root rights at all. So this quite likely is going to be how
X will be started in F-21.
> I hope it clears the bit -- I really don't like the fact that 'X :1'
> screws with the display.
I'm not sure yet if it will clear the bit, I'm pretty sure I can get things
to work without any root rights for kms drivers (not 100% sure yet), but
ums drivers will fail hard without the suid bit, the ums part of this
needs some thinking (and needs me to dig up a card actually using it).
I might end up deciding to just kill ums support and then see what happens,
but I would rather not, and if I get enough pushback I might revert on
such a decision :)
More information about the devel