X security and suid

Jonathan Klay Jonathan.Klay at noaa.gov
Wed May 17 12:07:26 PDT 2006


I've been trying to configure a secure workstation according to the 
"common criteria" evaluated configuration for Redhat 4, which does not 
include X Windows in the basic install.  All additional applications 
can't run suid-root, and we really need X. I planned to have users use 
"startx".

It used to be that various sources advised against X running suid 
anyway, like CIRT and even this:

the X.Org Group strongly recommends that you not install your server suid-root, but that you use xdm instead.

But now it says:

On UN*X like systems the server is usually owned by root and runs with 
the SUID bit set so that it runs with root privileges even if started by 
an ordinary user. To check if your Xserver has the right permissions you 
have to locate the server binary. This file is owned by the user 'root' 
and has the SUID bit set (the 's' in -rws--x--x.)  If either one isn't 
true you need to fix this.

I've googled all over, and tried removing suid and getting it to work, 
with no luck. Has anybody configured this?

-- 
Thanks,
Jon
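
The permission check described in the quoted X.Org text, as an added example that is not part of the original post: a small script that resolves the server binary through any symlink and reports whether it is owned by root with the SUID bit set. It assumes GNU `readlink -f`; the function names are hypothetical, and the paths to check are supplied as arguments.

```shell
#!/bin/sh
# Added example: report whether an X server binary would run with root
# privileges when started by an ordinary user (for example via startx).
# Assumes GNU readlink (-f). Function names are hypothetical.

# classify_suid PATH -> prints one of:
#   suid-root     owned by uid 0 and SUID bit set
#   suid-nonroot  SUID bit set, owner is not uid 0
#   no-suid       SUID bit not set
#   missing       path does not resolve to a regular file
classify_suid() {
    # The X entry point is often a symlink; the bits that matter are on the target.
    target=$(readlink -f -- "$1" 2>/dev/null) || target=
    if [ -z "$target" ] || [ ! -f "$target" ]; then
        echo missing
        return 0
    fi
    # Numeric owner uid (third field of ls -ln), so any uid-0 account counts.
    owner=$(ls -ln -- "$target" | awk '{print $3}')
    if [ -u "$target" ]; then
        if [ "$owner" = "0" ]; then echo suid-root; else echo suid-nonroot; fi
    else
        echo no-suid
    fi
}

# report PATH... -> one line per path: "<state> <path> -> <resolved target>"
report() {
    for p in "$@"; do
        printf '%s %s -> %s\n' "$(classify_suid "$p")" "$p" \
            "$(readlink -f -- "$p" 2>/dev/null)"
    done
}

# Paths to check are given on the command line; nothing is assumed by default.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

Run it with the location of the server binary on the system being configured; a result other than `suid-root` means the server will not gain root privileges when an ordinary user starts it.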



