Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

Ely Levy elylevy-xserver at cs.huji.ac.il
Sun Jul 11 11:08:25 PDT 2004


On Sun, 11 Jul 2004, Matthieu Herrb wrote:

> Roland Mainz wrote:
> > Sean Middleditch wrote:
> > [snip]
> >
> >>Third, speaking of root, do you really want all that complex code in
> >>such a process?  The more code you have, the more potential bugs and
> >>security holes.
> >
> >
> > This is _ONLY_ a problem of the Linux Xserver. Solaris and other Unices
> > run their Xserver under plain user accounts. IMHO there should be
> > _urgendly_ some work on removing the requirement of running the Xserver
> > as "root". Things like a seperate group (e.g. "X11", "Xserver") +
> > setting ACLs on the neccesary /dev entries comes in mind... or turning
> > the drivers into kernel modules (AFAIK Solaris Xsun does it that way).
> >
>
> This cannot be changed without requiring the exising systems to be
> upgraded to a kernel that doesn't require root to access to the hardware
> (I/O ports and /dev/mem). I don't know for linux, but for *BSD it's not
> just a matter of permissions on /dev entries.

I think it's diffrent in linux,
but if that what is required I think it's important enough.

> Giving away these permissions to a specific uid or group also may have
> some unforseen effects, I'm not sure.
>
> Root privileges are currently also used to create the log file in
> /var/log. This needs to be addressed too (use syslog ?)

There are other programs who run as non root and use syslog,
like news/mail and ftp deamons.

> The privilege separation code and the systrace poolicy I developped for
> the XFree86 server on OpenBSD (see
> <ftp://ftp.laas.fr/pub/ii/matthieu/xf86-sec.pdf>) is interesting in
> showing were root privileges are actually used in XFree86.
> --
> 					Matthieu
>

Yea, that sort of cover it:)

Ely




More information about the xorg mailing list