X security and suid
Jonathan Klay
Jonathan.Klay at noaa.gov
Wed May 17 12:07:26 PDT 2006
I've been trying to configure a secure workstation according to the
"common criteria" evaluated configuration for Redhat 4, which does not
include X Windows in the basic install. All additional applications
can't run suid-root, and we really need X. I planned to have users use
"startx".
It used to be that various sources advised against X running suid
anyway, like CIRT and even this:
"the X.Org Group strongly recommends that you not install your server suid-root, but that you use xdm instead."
But now it says:
"On UN*X like systems the server is usually owned by root and runs with
the SUID bit set so that it runs with root privileges even if started by
an ordinary user. To check if your Xserver has the right permissions you
have to locate the server binary. This file is owned by the user 'root'
and has the SUID bit set (the 's' in -rws--x--x.) If either one isn't
true you need to fix this."
I've googled all over, and tried removing suid and getting it to work,
with no luck. Has anybody configured this?
--
Thanks,
Jon