[PATCH xserver] check for elevated privileges rather than just euid=0
antoine at nagafix.co.uk
Thu Oct 6 23:20:19 PDT 2011
On 07/10/11 04:25, Michal Suchanek wrote:
> On 6 October 2011 17:30, Antoine Martin <antoine at nagafix.co.uk> wrote:
>> On 06/10/11 20:39, Michal Suchanek wrote:
>> I would like to check this out but how do I tell this actually works?
>> I use this patch for using Xorg as an "Xdummy" server, like so:
>> /usr/local/bin/Xorg +extension GLX +extension RandR +extension Render
>> -logfile $HOME/log -config $HOME/xorg.conf'
>> My "Xdummy" xorg.conf can be found here:
> I tried to build a Debian X server package with this patch.
> I can run Xorg directly with these arguments but not through the X
> suid wrapper Debian uses.
That's the idea.. It is meant to continue to prevent non-root users from
using the suid wrapper to load arbitrary modules, config files or write
to user-specified log files.
> Still I cannot run X server with these arguments when I use su to log
> in as root.
Well, then this is an unintended problem.
I suspect this is a consequence of using the euid/guid/ruid checks that
Alan suggested here:
Maybe those checks are a little too stringent for sudo/su vs suid wrappers?
> Since Debian and Ubuntu ship with root login disabled it disables
> these arguments for root entirely which does not sound desirable.
Definitely - I'm looking into it now, thanks for pointing that out!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the xorg-devel