<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 07/10/11 04:25, Michal Suchanek wrote:
<blockquote
cite="mid:CAOMqctQf=FxNVsjwHyduHrYXwNc7DnnCTtsFqisCfr9X2Gds=A@mail.gmail.com"
type="cite">
<pre wrap="">On 6 October 2011 17:30, Antoine Martin <a class="moz-txt-link-rfc2396E" href="mailto:antoine@nagafix.co.uk"><antoine@nagafix.co.uk></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 06/10/11 20:39, Michal Suchanek wrote:
Hello,
I would like to check this out but how do I tell this actually works?
I use this patch for using Xorg as an "Xdummy" server, like so:
/usr/local/bin/Xorg +extension GLX +extension RandR +extension Render
-logfile $HOME/log -config $HOME/xorg.conf'
My "Xdummy" xorg.conf can be found here:
<a class="moz-txt-link-freetext" href="http://xpra.org/src/Xdummy/xorg.conf">http://xpra.org/src/Xdummy/xorg.conf</a>
</pre>
</blockquote>
<pre wrap="">
I tried to build a Debian X server package with this patch.
I can run Xorg directly with these arguments but not through the X
suid wrapper Debian uses.</pre>
</blockquote>
That's the idea.. It is meant to continue to prevent non-root users
from using the suid wrapper to load arbitrary modules, config files
or write to user-specified log files.<br>
<blockquote
cite="mid:CAOMqctQf=FxNVsjwHyduHrYXwNc7DnnCTtsFqisCfr9X2Gds=A@mail.gmail.com"
type="cite">
<pre wrap="">Still I cannot run X server with these arguments when I use su to log
in as root.</pre>
</blockquote>
Well, then this is an unintended problem.<br>
I suspect this is a consequence of using the euid/guid/ruid checks
that Alan suggested here:<br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<a
href="http://www.mail-archive.com/xorg-devel@lists.x.org/msg25259.html">http://www.mail-archive.com/xorg-devel@lists.x.org/msg25259.html</a><br>
Maybe those checks are a little too stringent for sudo/su vs suid
wrappers?<br>
<blockquote
cite="mid:CAOMqctQf=FxNVsjwHyduHrYXwNc7DnnCTtsFqisCfr9X2Gds=A@mail.gmail.com"
type="cite">
<pre wrap="">Since Debian and Ubuntu ship with root login disabled it disables
these arguments for root entirely which does not sound desirable.</pre>
</blockquote>
Definitely - I'm looking into it now, thanks for pointing that out!<br>
<br>
Antoine<br>
<br>
<blockquote
cite="mid:CAOMqctQf=FxNVsjwHyduHrYXwNc7DnnCTtsFqisCfr9X2Gds=A@mail.gmail.com"
type="cite">
<pre wrap="">
Thanks
Michal
</pre>
</blockquote>
</body>
</html>