[PATCH xserver] check for elevated privileges rather than just euid=0

Michal Suchanek hramrach at centrum.cz
Fri Oct 7 04:48:36 PDT 2011


On 7 October 2011 11:14, Antoine Martin <antoine at nagafix.co.uk> wrote:
> On 07/10/11 13:20, Antoine Martin wrote:

>> That's the idea.. It is meant to continue to prevent non-root users from
>> using the suid wrapper to load arbitrary modules, config files or write
>> to user-specified log files.
>>> Still I cannot run X server with these arguments when I use su to log
>>> in as root.
>> Well, then this is an unintended problem.
>> I suspect this is a consequence of using the euid/guid/ruid checks that
>> Alan suggested here:
>> http://www.mail-archive.com/xorg-devel@lists.x.org/msg25259.html
>> Maybe those checks are a little too stringent for sudo/su vs suid wrappers?
> Are you sure you can't run the X server after "su"ing to root?
> This is what I get on an Ubuntu Lucid box when calling via the X wrapper:
> $ su -
> Password:
> # X -v
> ruid=0, euid=0, suid=0
> rgid=0, egid=0, sgid=0

I don't know where you get this. My X wrapper does not provide this option:

# X -v

Fatal server error:
Server is already active for display 0
        If this server is no longer running, remove /tmp/.X0-lock
        and start again.


Please consult the The X.Org Foundation support
         at http://wiki.x.org
 for help.



>
> Looks ok to me, ruid==euid==suid so xf86PrivsElevated() returns FALSE.
> The behaviour should be unchanged from before when using sudo or su.
> What's the error message you are getting in this case?
> The full command line and error would be nice, as well as distro and
> versions.

 $ su -
Password:
OptiPlex960:~# Xorg +extension GLX +extension RANDR +extension RENDER
-logfile /scratch/xdummy.log :1

Fatal server error:
The '-logfile' option cannot be used with elevated privileges.


Please consult the The X.Org Foundation support
         at http://wiki.x.org
 for help.

Obviously, I am running with "eleveated privileges" which is technically true.
Note that I normally use 'su' without any options which gives the same error.

 dpkg -S `which su`
login: /bin/su

ii  login                         1:4.1.4.2+svn3283-2+squeeze1  system
login tools
ii  libc6                         2.13-21
Embedded GNU C Library: Shared libraries

I hope this provides the required info.

Thanks

Michal


More information about the xorg-devel mailing list