[PULL to discuss] Remove kdrive, Xnest, and Xvfb

Alan Coopersmith alan.coopersmith at oracle.com
Tue Mar 27 09:02:25 PDT 2012


On 03/27/12 12:08 AM, Michel Dänzer wrote:
> On Mon, 2012-03-26 at 22:06 -0700, Alan Coopersmith wrote: 
>> On 03/26/12 09:07 PM, Jamey Sharp wrote:
>>> Maybe I have it right this time: On Debian, there's no problem,
>>> because /usr/bin/X is a trivial suid wrapper and /usr/bin/Xorg is not
>>> installed suid. Solaris and other Unixes could take the same approach,
>>> right?
>>
>> While I've heard about this before, I've not seen the sources for this wrapper
>> (can someone provide a pointer?  all I'm finding in google is man pages & bug
>> reports that reference it)
> 
> http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=history;f=debian/local/xserver-wrapper.c

So yes, I see it does try to run Xorg without privileges when any -config
option is passed, not just those in unsafe directories, which means that
systems using this wrapper can probably get by already.

I couldn't use this wrapper as is on Solaris though, since we use the existing
support for system/admin provided config files being available to non-root users
in a Xorg running as root, such as Xorg -config xorg.conf.vesa to load a
fallback vesa configuration.

It also wouldn't help the people who were unfortunately using Xephyr with direct
input device access to fake up a multiseat mode on a single physical server,
though that should probably be replaced by use of nested Xinput devices, not
trying to hack up Xorg to use nested video driver with evdev input drivers.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc


More information about the xorg-devel mailing list