[PATCH RFC 0/1] Xorg: Add a suid root wrapper

Hans de Goede hdegoede at redhat.com
Thu Mar 6 04:51:45 PST 2014


Hi Mark,

On 03/06/2014 01:23 PM, Mark Kettenis wrote:

<snip>

> Oh dear, the wrapper script is back!
> 
> Before you go further down this road, may I point out the privilege
> seperation support that we've had in xenocara (Xorg for OpenBSD) for
> years now?  As Ilja van Sprundel says, "Xorg guys should steal that
> code!" ;).

> Our Xorg binary is still setuid, but dropping the setuid bit isn't a
> problem in itself.

Ideally it would not be suid at all, but agreed that that is not the
biggest problem.

> What you care about is dropping as many access
> rights as possible, and being setuid you might actually be able to
> drop more of them.

That sounds like nonsense to me, unless you're API's are broken somewhere
you should be able drop capabilities / whatever just as well as regular
user. Root should only ever be required to gain rights, never to drop
them.

> It also means you can open the traditional log
> files (either before you drop priviliges, or through the Xorg process
> that keeps the priviliges.

Agreed that this would allow us to open the log files, but as you indicate
yourself, that is not a big deal.

> But the major benefit from the privsep is
> that non-KMS setups still get (some of) the benefits.

Maybe, my main reason for needing a wrapper at all when running in
no-root-rights normally needed mode are:

1) iopl / memmap rights needed by non kms drivers
2) support for binary only drivers

Esp. in the second category we simply don't know what rights are
needed an what rights can be dropped.

>From the Linux POV the wrapper is a workaround for these drivers,
I hope that in the future we can stop shipping the wrapper by default.

> Not sure if Matthieu Herrb ever tried to merge the OpenBSD changes
> back into Xorg.  If he did his attempts didn't raise much interest
> from you Linux people.  But it seems that has changed ;).
> 
> His changes can be found in the OpenBSD xenocara CVS repository.  And
> if you ask him nicely, he can probably point you at a git repository
> that has the changes as well.  Just grep for X_PRIVSEP!

If there is interest in the OpenBSD community in getting this upstream
the first step would be for someone interested in this to hack it up
in a bunch of incremental patches (which may already be the case) and
submitting those to the list for review.

Regards,

Hans




More information about the xorg-devel mailing list