X security and suid

Alan Cox alan at lxorguk.ukuu.org.uk
Wed May 17 18:27:04 PDT 2006


On Mer, 2006-05-17 at 16:41 -0700, Jonathan Klay wrote:
> Xwrapper was used to start X then switch to a non-privileged user, but 
> it looks as if it is no longer used and maybe I misunderstand how it 
> worked as well.

It too was setuid.


OK, the framebuffer way of doing this is to boot with the option

"vga=number"

where number is 0x200 + the VESA video mode (Documentation/fb/vesa.txt).

So if you boot with vga=0x318, for example, you should get 1024x768x24bit,
providing your BIOS supports this. Now when you do this you also get a
device /dev/fb0 which has the usual permission rules and which can be
used by an unprivileged X server using the "fbdev" driver (see man
fbdev).

You don't get acceleration as the kernel exposes the framebuffer memory
to the server but not the accelerator (which cannot be trusted itself).

If you need more info on this ping your Red Hat support contact.

Alan (@redhat.com)
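
The setup described in the mail can be checked with a short script; this is an added example, not part of the original message or of any X.org tooling. The function names and the policy that the framebuffer node should be closed to "other" are assumptions of the example, and both paths are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original mail. Device and binary paths are
# supplied by the caller; nothing here is specific to one distribution.

# vga= boot argument for a VESA mode number (0x200 + mode, as in the mail).
vga_arg() {
    printf 'vga=0x%X\n' "$(( 0x200 + $1 ))"
}

# True if "other" can read or write the node.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0002 \) 2>/dev/null)" ]
}

# audit_x_setup FB_NODE X_BINARY
# Returns 0 when the node exists, is usable by the calling user, is closed
# to "other" (assumed policy), and the X server binary has no setuid bit;
# returns 1 otherwise.
audit_x_setup() {
    fb=$1 xbin=$2 rc=0
    if [ ! -e "$fb" ]; then
        echo "FAIL: $fb missing (kernel not booted with a vga= mode?)"
        return 1
    fi
    if [ ! -r "$fb" ] || [ ! -w "$fb" ]; then
        echo "FAIL: $(id -un) cannot read and write $fb"; rc=1
    fi
    if world_accessible "$fb"; then
        echo "FAIL: $fb is accessible to every local user"; rc=1
    fi
    if [ -u "$xbin" ]; then
        echo "FAIL: $xbin is setuid"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $fb usable without a setuid X server"
    return "$rc"
}

# Run the audit when called as: script FB_NODE X_BINARY
if [ "$#" -eq 2 ]; then audit_x_setup "$1" "$2"; fi
```

Run it as the account that will start the X server, passing the framebuffer node and the path of the installed X server binary.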




