RFC: what to do with ums when the X server is not suid root ?

drago01 drago01 at gmail.com
Mon Jan 20 10:31:25 UTC 2014


On Mon, Jan 20, 2014 at 11:29 AM, drago01 <drago01 at gmail.com> wrote:
> On Mon, Jan 20, 2014 at 10:08 AM, Hans de Goede <hdegoede at redhat.com> wrote:
>> Hi All,
>>
>> As indicated here:
>> https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights
>>
>> I'm working on making the X server run as a regular user. I actually have
>> this pretty much working.
>>
>> So now it is time to start looking into some of the corner cases, or rather
>> at the elephant in the room. What about non-kms drivers? We still have the
>> vesa driver around as most prominent example, and this is useful for some
>> oddball cards and for cards which are too new.
>>
>> I would like to not break the vesa driver, while still killing the suid bit
>> on the X server.
>>
>> I'm currently thinking about implementing the following solution:
>>
>> 1) Make the X server a regular binary without any special rights
>>
>> 2) Implement a small suid root wrapper which gets the Xorg name and
>> launches the real Xorg binary.
>>
>> This wrapper will search for kms capable cards and if one is found drop
>> all root rights before executing the real Xorg binary. If no kms capable
>> cards are found it will execute the real Xorg binary with root rights.
>>
>> 3) Put this wrapper in a separate package, make it part of comps so it
>> will get installed by default, but don't depend on it in any packages
>> so that security sensitive users can simply do
>> "rpm -e xorg-x11-server-suid-helper"
>
> That will break badly for upgrades. If someone is using a ums driver, upgrades
> and nothing pulls in the helper he / she will end up with a broken setup.

(Sent too early.)
So we should just let ums drivers require it. (Because they
technically do require it after all).
A user that does not use ums drivers can still remove it (along with the drivers).
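
The wrapper proposed in the quoted message (probe for kms capable cards, drop all root rights before exec when one is found), sketched as an added example that is not part of this thread and is not the Xorg project's code. It assumes KMS capability is probed with DRM_IOCTL_MODE_GETRESOURCES on /dev/dri/card0..15; REAL_XORG is a hypothetical path.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <drm/drm.h>   /* kernel uapi header: DRM_IOCTL_MODE_GETRESOURCES */

#define REAL_XORG "/usr/libexec/Xorg.real"   /* hypothetical install path */

/* Returns 1 if the DRM node at path answers the mode-setting resources
 * query, i.e. a KMS driver is bound to it; 0 otherwise (also on ENOENT). */
int card_has_kms(const char *path)
{
    struct drm_mode_card_res res;
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return 0;
    memset(&res, 0, sizeof(res));
    int ok = ioctl(fd, DRM_IOCTL_MODE_GETRESOURCES, &res) == 0;
    close(fd);
    return ok;
}

/* Permanently give up the root identity gained from the suid bit.
 * Group first: after setuid() we would no longer be allowed to change it. */
int drop_root(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    char path[32];
    int kms = 0; (void)argc;
    for (int i = 0; i < 16; i++) {       /* card0..card15: assumed range */
        snprintf(path, sizeof(path), "/dev/dri/card%d", i);
        kms += card_has_kms(path);
    }
    if (kms > 0 && drop_root() != 0)     /* fail closed: do not fall back */
        return 1;                        /* to running the server as root */
    execv(REAL_XORG, argv);              /* ums only: root rights are kept */
    perror("execv");
    return 1;
}
```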

