X security and suid
Alan Cox
alan at lxorguk.ukuu.org.uk
Wed May 17 14:36:26 PDT 2006
On Mer, 2006-05-17 at 12:07 -0700, Jonathan Klay wrote:
> can't run suid-root, and we really need X. I planned to have users use
> "startx".
In which case X needs privileges.
> I've googled all over, and tried removing suid and getting it to work,
> with no luck. Has anybody configured this?
You can make X itself non setuid, but then it must be run by a root
owned daemon. Red Hat normally uses gdm for this but xdm should work.
Text mode consoles are still available by switching to a different
console (Ctrl-alt-F1 etc)
It is possible to configure X and the kernel setup you are using to run
a framebuffer X server. This lacks any acceleration but may be
preferable if you need more strict security models.
Alan
More information about the xorg
mailing list