xserver: do we still need Fopen() ?

Alan Coopersmith alan.coopersmith at oracle.com
Wed Feb 7 23:19:20 UTC 2024


On 2/5/24 06:41, Enrico Weigelt, metux IT consult wrote:
> On 02.02.24 21:05, Alan Coopersmith wrote:
> 
> Hi,
> 
>> I suspect for the OS'es that the xserver code builds on today, that
>> could be replaced by #ifndef WIN32, which would then allow the first
>> half of that #ifdef in Fopen to be deleted, leaving just the simpler
>> case, since Fopen is already not built for WIN32.
> 
> Does WIN32 still mean 32bit Windows or also more modern ones like
> w10/w11 ?

I believe it's still defined for 64-bit Windows, as stated on
https://learn.microsoft.com/en-us/windows/win32/winprog64/additional-considerations
but I never code or build for Windows, so am not the best person to ask.

>> If the Xserver is run as setuid root,
> 
> On which platforms is that still the case ?

Platforms which support users starting the Xserver directly (startx/xinit/etc
instead of via systemd service or display manager) on devices without KMS
support.

I know Solaris is one, since that's the one I work on, but I believe
even some Linux distros still do this - for instance, see the Note about
the "suid" USE flag on https://wiki.gentoo.org/wiki/Xorg/Guide .

> And does it need to run as root all the time, instead of after opening
> some devices ?

It needs to run as root when opening the devices (both at startup and
when VT switching back to the server from another VT).

We've got a local mechanism in the Solaris packages that takes a message
from gdm at login time and setuid's to the user that just logged in,
since without it, the X server doesn't know what uid to setuid to when
using a display manager (gdm/xdm/etc.) to log in, but that's never gone
upstream.

>> you don't want to let it read
>> files with root privs that are specified by a non-root user - that
>> way lies CVEs.
> 
> Yes, of course. But can't we just have an extra permission check ?

That would be more code and riskier to implement than the setuid method,
which just delegates to the kernel to be sure.

-- 
         -Alan Coopersmith-                 alan.coopersmith at oracle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris
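
The contrast drawn in the message above between an added permission check and letting the kernel decide, shown as an added example (not part of the original message and not the xserver's Fopen() code). The helper name open_as_real_user is hypothetical, and the code assumes a setuid-root binary on a system with saved set-user-IDs.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a file named by the invoking user with that
 * user's privileges, so the kernel performs the permission check at
 * open() time. An access()-then-fopen() check done while still root
 * would leave a window in which the path can be swapped. */
FILE *open_as_real_user(const char *path, const char *mode)
{
    uid_t ruid = getuid();   /* user who started the program */
    uid_t euid = geteuid();  /* 0 when installed setuid root */
    gid_t rgid = getgid();
    gid_t egid = getegid();
    FILE *fp;
    int saved_errno;

    /* Drop the group first: once the effective uid is no longer root,
     * the process may not be allowed to change its gid. */
    if (setegid(rgid) != 0)
        return NULL;
    if (seteuid(ruid) != 0) {
        if (setegid(egid) != 0)
            abort();         /* never continue half-dropped */
        return NULL;
    }

    fp = fopen(path, mode);  /* checked against the real user's rights */
    saved_errno = errno;

    /* Regain privileges in reverse order; fail closed if that fails. */
    if (seteuid(euid) != 0 || setegid(egid) != 0)
        abort();

    errno = saved_errno;     /* report fopen()'s error, not seteuid()'s */
    return fp;
}
```

The returned stream stays usable after privileges are restored because permissions are checked only when the file is opened.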


