[PATCH RFC 0/1] Xorg: Add a suid root wrapper

Mark Kettenis mark.kettenis at xs4all.nl
Sun Mar 9 15:26:57 PDT 2014


> Date: Thu, 06 Mar 2014 13:51:45 +0100
> From: Hans de Goede <hdegoede at redhat.com>
> 
> Hi Mark,
> 
> On 03/06/2014 01:23 PM, Mark Kettenis wrote:
> 
> <snip>
> 
> > Oh dear, the wrapper script is back!
> > 
> > Before you go further down this road, may I point out the privilege
> > seperation support that we've had in xenocara (Xorg for OpenBSD) for
> > years now?  As Ilja van Sprundel says, "Xorg guys should steal that
> > code!" ;).
> 
> > Our Xorg binary is still setuid, but dropping the setuid bit isn't a
> > problem in itself.
> 
> Ideally it would not be suid at all, but agreed that that is not the
> biggest problem.
> 
> > What you care about is dropping as many access
> > rights as possible, and being setuid you might actually be able to
> > drop more of them.
> 
> That sounds like nonsense to me, unless you're API's are broken somewhere
> you should be able drop capabilities / whatever just as well as regular
> user. Root should only ever be required to gain rights, never to drop
> them.

Well, I'm thinking about things like changing to a "nobody" user or
doing a chroot(2).  Things you might want to do to prevent giving the
X server access to a user's files.


More information about the xorg-devel mailing list