X security and suid

Alan Cox alan at lxorguk.ukuu.org.uk
Wed May 17 14:36:26 PDT 2006


On Mer, 2006-05-17 at 12:07 -0700, Jonathan Klay wrote:
> can't run suid-root, and we really need X. I planned to have users use 
> "startx".

In which case X needs privileges.

> I've googled all over, and tried removing suid and getting it to work, 
> with no luck. Has anybody configured this?

You can make X itself non setuid, but then it must be run by a root
owned daemon. Red Hat normally uses gdm for this but xdm should work.
Text mode consoles are still available by switching to a different
console (Ctrl-alt-F1 etc)

It is possible to configure X and the kernel setup you are using to run
a framebuffer X server. This lacks any acceleration but may be
preferable if you need more strict security models.

Alan




More information about the xorg mailing list