[PATCH xserver] xorg-wrapper: when starting the server as root, reset its environment

Hans de Goede hdegoede at redhat.com
Mon Oct 19 05:43:21 PDT 2015


Hi,

On 19-10-15 12:57, Julien Cristau wrote:
> On Mon, Oct 19, 2015 at 10:43:45 +0200, Hans de Goede wrote:
>
>> Hi,
>>
>> On 18-10-15 19:26, Julien Cristau wrote:
>>> When the server is privileged, we shouldn't be passing the user's
>>> environment directly.
>>>
>>> Signed-off-by: Julien Cristau <jcristau at debian.org>
>>
>> I've no real objections against this, and I can see this being a good
>> thing from a security pov, but I'm afraid this may cause regressions.
>>
>> Before we had the wrapper the server itself used to be suid-root,
>> and none of the code for dealing with that has been removed (the server
>> can still be build that way). So I would expect the server to sanitize
>> its environment itself...
>>
>> So I've 2 questions:
>>
>> 1) Is there any concrete reason why this is necessary ?
>
> Enabling logind support means pulling in libdbus, which I didn't want to
> do without addressing
> https://bugs.freedesktop.org/show_bug.cgi?id=52202
> https://bugs.freedesktop.org/show_bug.cgi?id=83849

Ok, that is a very valid reason, can you do a v2 with these bug links .
this rationale added to the commit message ?

I'm still a bit worried there may be some fallout, but I believe the
above reasons are strong enough to just go for it and see if it breaks
anything.

Regards,

Hans


More information about the xorg-devel mailing list