[PATCH xserver] check for elevated privileges rather than just euid=0
Michal Suchanek
hramrach at centrum.cz
Fri Oct 7 04:48:36 PDT 2011
On 7 October 2011 11:14, Antoine Martin <antoine at nagafix.co.uk> wrote:
> On 07/10/11 13:20, Antoine Martin wrote:
>> That's the idea.. It is meant to continue to prevent non-root users from
>> using the suid wrapper to load arbitrary modules, config files or write
>> to user-specified log files.
>>> Still I cannot run X server with these arguments when I use su to log
>>> in as root.
>> Well, then this is an unintended problem.
>> I suspect this is a consequence of using the euid/guid/ruid checks that
>> Alan suggested here:
>> http://www.mail-archive.com/xorg-devel@lists.x.org/msg25259.html
>> Maybe those checks are a little too stringent for sudo/su vs suid wrappers?
> Are you sure you can't run the X server after "su"ing to root?
> This is what I get on an Ubuntu Lucid box when calling via the X wrapper:
> $ su -
> Password:
> # X -v
> ruid=0, euid=0, suid=0
> rgid=0, egid=0, sgid=0
I don't know where you get this. My X wrapper does not provide this option:
# X -v
Fatal server error:
Server is already active for display 0
If this server is no longer running, remove /tmp/.X0-lock
and start again.
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
>
> Looks ok to me, ruid==euid==suid so xf86PrivsElevated() returns FALSE.
> The behaviour should be unchanged from before when using sudo or su.
> What's the error message you are getting in this case?
> The full command line and error would be nice, as well as distro and
> versions.
$ su -
Password:
OptiPlex960:~# Xorg +extension GLX +extension RANDR +extension RENDER
-logfile /scratch/xdummy.log :1
Fatal server error:
The '-logfile' option cannot be used with elevated privileges.
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
Obviously, I am running with "eleveated privileges" which is technically true.
Note that I normally use 'su' without any options which gives the same error.
dpkg -S `which su`
login: /bin/su
ii login 1:4.1.4.2+svn3283-2+squeeze1 system
login tools
ii libc6 2.13-21
Embedded GNU C Library: Shared libraries
I hope this provides the required info.
Thanks
Michal
More information about the xorg-devel
mailing list