[PATCH xserver] check for elevated privileges rather than just euid=0

Antoine Martin antoine at nagafix.co.uk
Fri Oct 7 07:49:27 PDT 2011


[snip]
>>>> Still I cannot run X server with these arguments when I use su to log
>>>> in as root.
>>> Well, then this is an unintended problem.
>>> I suspect this is a consequence of using the euid/guid/ruid checks that
>>> Alan suggested here:
>>> http://www.mail-archive.com/xorg-devel@lists.x.org/msg25259.html
>>> Maybe those checks are a little too stringent for sudo/su vs suid wrappers?
>> Are you sure you can't run the X server after "su"ing to root?
>> This is what I get on an Ubuntu Lucid box when calling via the X wrapper:
>> $ su -
>> Password:
>> # X -v
>> ruid=0, euid=0, suid=0
>> rgid=0, egid=0, sgid=0
> I don't know where you get this. My X wrapper does not provide this option:
That's because I cheated, sorry for misleading you.
I didn't have time to install all the debian dev environment on that
test box so I just replaced /usr/bin/Xorg with the program attached to
see what happens.
It just prints out the uids it finds, which is what xf86PrivsElevated()
uses. I don't see why it would behave any different from the patch..
>> Looks ok to me, ruid==euid==suid so xf86PrivsElevated() returns FALSE.
>> The behaviour should be unchanged from before when using sudo or su.
>> What's the error message you are getting in this case?
>> The full command line and error would be nice, as well as distro and
>> versions.
>  $ su -
> Password:
> OptiPlex960:~# Xorg +extension GLX +extension RANDR +extension RENDER
> -logfile /scratch/xdummy.log :1
>
> Fatal server error:
> The '-logfile' option cannot be used with elevated privileges.
>
>
> Please consult the The X.Org Foundation support
>          at http://wiki.x.org
>  for help.
>
> Obviously, I am running with "eleveated privileges" which is technically true.
The application only sees that you are logged in as root at this point
and it should have no knowledge of how you got there (su).
So although you have "elevated privileges" in some sense, the check
should return FALSE here.

That's odd because as I posted earlier, running the attached test
program after "su"ing gives me the correct result for ruid/euid/suid -
which is "0".
Maybe compiling on Debian will give a different result, is HASSETUGID
set in your build?
> Note that I normally use 'su' without any options which gives the same error.
>  dpkg -S `which su`
> login: /bin/su
>
> ii  login                         1:4.1.4.2+svn3283-2+squeeze1  system
> login tools
> ii  libc6                         2.13-21
> Embedded GNU C Library: Shared libraries
>
> I hope this provides the required info.
It does, thank you very much for that. (I assume that xorg-server is up
to date too since you rebuilt it from source)
I will take a look at this using a proper debian build environment ASAP.

Antoine

> Thanks
>
> Michal
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: print_uid.c
URL: <http://lists.x.org/archives/xorg-devel/attachments/20111007/b506e67d/attachment.txt>


More information about the xorg-devel mailing list