[PATCH RFC 0/1] Xorg: Add a suid root wrapper
Mark Kettenis
mark.kettenis at xs4all.nl
Sun Mar 9 15:26:57 PDT 2014
> Date: Thu, 06 Mar 2014 13:51:45 +0100
> From: Hans de Goede <hdegoede at redhat.com>
>
> Hi Mark,
>
> On 03/06/2014 01:23 PM, Mark Kettenis wrote:
>
> <snip>
>
> > Oh dear, the wrapper script is back!
> >
> > Before you go further down this road, may I point out the privilege
> > seperation support that we've had in xenocara (Xorg for OpenBSD) for
> > years now? As Ilja van Sprundel says, "Xorg guys should steal that
> > code!" ;).
>
> > Our Xorg binary is still setuid, but dropping the setuid bit isn't a
> > problem in itself.
>
> Ideally it would not be suid at all, but agreed that that is not the
> biggest problem.
>
> > What you care about is dropping as many access
> > rights as possible, and being setuid you might actually be able to
> > drop more of them.
>
> That sounds like nonsense to me, unless you're API's are broken somewhere
> you should be able drop capabilities / whatever just as well as regular
> user. Root should only ever be required to gain rights, never to drop
> them.
Well, I'm thinking about things like changing to a "nobody" user or
doing a chroot(2). Things you might want to do to prevent giving the
X server access to a user's files.
More information about the xorg-devel
mailing list