RFC: what to do with ums when the X server is not suid root ?

drago01 drago01 at gmail.com
Mon Jan 20 10:29:22 UTC 2014


On Mon, Jan 20, 2014 at 10:08 AM, Hans de Goede <hdegoede at redhat.com> wrote:
> Hi All,
>
> As indicated here:
> https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights
>
> I'm working on making the X server run as a regular user. I actually have
> this pretty much working.
>
> So now it is time to start looking into some of the corner cases, or rather
> at the elephant in the room. What about non-kms drivers? We still have the
> vesa driver around as most prominent example, and this is useful for some
> oddball cards and for cards which are too new.
>
> I would like to not break the vesa driver, while still killing the suid bit
> on the X server.
>
> I'm currently thinking about implementing the following solution:
>
> 1) Make the X server a regular binary without any special rights
>
> 2) Implement a small suid root wrapper which gets the Xorg name and
> launches the real Xorg binary.
>
> This wrapper will search for kms capable cards and if one is found drop
> all root rights before executing the real Xorg binary. If no kms capable
> cards are found it will execute the real Xorg binary with root rights.
>
> 3) Put this wrapper in a separate package, make it part of comps so it
> will get installed by default, but don't depend on it in any packages
> so that security sensitive users can simply do
> "rpm -e xorg-x11-server-suid-helper"

That will break badly for upgrades. If someone is using a ums driver, upgrades,
and nothing pulls in the helper, he/she will end up with a broken setup.