Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets
Matthieu Herrb
matthieu.herrb at laas.fr
Sun Jul 11 10:55:36 PDT 2004
Roland Mainz wrote:
> Sean Middleditch wrote:
> [snip]
>
>>Third, speaking of root, do you really want all that complex code in
>>such a process? The more code you have, the more potential bugs and
>>security holes.
>
>
> This is _ONLY_ a problem of the Linux Xserver. Solaris and other Unices
> run their Xserver under plain user accounts. IMHO there should be
> _urgently_ some work on removing the requirement of running the Xserver
> as "root". Things like a separate group (e.g. "X11", "Xserver") +
> setting ACLs on the necessary /dev entries come to mind... or turning
> the drivers into kernel modules (AFAIK Solaris Xsun does it that way).
>
This cannot be changed without requiring the existing systems to be
upgraded to a kernel that doesn't require root to access the hardware
(I/O ports and /dev/mem). I don't know about Linux, but for *BSD it's not
just a matter of permissions on /dev entries.

Giving away these permissions to a specific uid or group also may have
some unforeseen effects, I'm not sure.

Root privileges are currently also used to create the log file in
/var/log. This needs to be addressed too (use syslog?)

The privilege separation code and the systrace policy I developed for
the XFree86 server on OpenBSD (see
<ftp://ftp.laas.fr/pub/ii/matthieu/xf86-sec.pdf>) are interesting in
showing where root privileges are actually used in XFree86.
--
Matthieu