xserver: do we still need Fopen() ?

Alan Coopersmith alan.coopersmith at oracle.com
Fri Feb 2 20:05:57 UTC 2024


On 2/2/24 05:45, Enrico Weigelt, metux IT consult wrote:
> Hello folks,
> 
> I wonder whether we still need the Fopen() function.
> 
> It's a funny and complicated way of loading a file with dropped privs
> (by calling `cat` on that file !).

It only does the cat if HAS_SAVED_IDS_AND_SETEUID is not defined, and
that should be defined on all POSIX systems - though it looks like our
current check is:

#if defined(SVR4) || defined(__linux__) || defined(CSRG_BASED)
#define HAS_SAVED_IDS_AND_SETEUID
#endif

I suspect for the OSes that the xserver code builds on today, that
could be replaced by #ifndef WIN32, which would then allow the first
half of that #ifdef in Fopen to be deleted, leaving just the simpler
case, since Fopen is already not built for WIN32.

> The only call site is LoadAuthorization() (auth.c) for loading the
> Xauthority file (if one was passed to xserver via -auth arg). But this
> doesn't make much sense to me: why should the xserver - if started as
> root (but dropping privs) - be prevented from reading an xauth file ?

If the Xserver is run as setuid root, you don't want to let it read
files with root privs that are specified by a non-root user - that
way lies CVEs.  I could imagine adding a build flag to the server
that said not to support running setuid, that would set a define
that skipped this code and instead enabled code to check issetugid()
on startup and instantly exit if it was true, but I don't think anyone
has written a patch for that yet.  Distros who don't install setuid
could set that flag, those who do could leave it unset.

> And do we still need the complicated exec'ing code path ?

As noted above, I don't think so.

> And is there still any need to run it as root at all ?

Yes.  Not every OS the X server runs on has KMS support for every device.
I don't know how to express that in a meson, autoconf, or #ifdef check though.

-- 
         -Alan Coopersmith-                 alan.coopersmith at oracle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris
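
The saved-IDs approach discussed in this message, as an added example (not code from the xserver tree or from the author of the message): the file named by the user is opened while the effective uid is temporarily set to the real uid, so a setuid-root process cannot be made to read a file the invoking user could not read. The names fopen_as_real_user() and running_setugid() are hypothetical, and the ID comparison is a portable stand-in for issetugid().

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Nonzero if real and effective IDs differ, i.e. the process was started
 * setuid/setgid. Portable approximation of an issetugid() startup check. */
int running_setugid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Open a caller-named file with the invoking user's rights, not root's.
 * Relies on POSIX saved set-user-ID: the effective uid can be switched to
 * the real uid and later back to the saved one. A setgid binary would
 * need the same treatment for the effective gid (not shown here). */
FILE *fopen_as_real_user(const char *path, const char *mode)
{
    uid_t ruid = getuid();
    uid_t euid = geteuid();
    FILE *fp;
    int saved_errno;

    if (seteuid(ruid) == -1)
        return NULL;            /* could not drop: refuse to open */

    fp = fopen(path, mode);     /* permission check uses the real uid */
    saved_errno = errno;

    if (seteuid(euid) == -1) {  /* could not restore: fail closed */
        if (fp != NULL)
            fclose(fp);
        return NULL;
    }
    errno = saved_errno;        /* report fopen()'s error, not seteuid()'s */
    return fp;
}

int main(int argc, char **argv)
{
    FILE *fp;
    if (argc != 2) { fprintf(stderr, "usage: %s authfile\n", argv[0]); return 2; }
    fp = fopen_as_real_user(argv[1], "r");
    if (fp == NULL) { perror(argv[1]); return 1; }
    printf("opened %s (started setuid/setgid: %d)\n", argv[1], running_setugid());
    fclose(fp);
    return 0;
}
```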


