[PATCH xserver] check for elevated privileges rather than just euid=0
Antoine Martin
antoine at nagafix.co.uk
Thu Oct 6 23:20:19 PDT 2011
On 07/10/11 04:25, Michal Suchanek wrote:
> On 6 October 2011 17:30, Antoine Martin <antoine at nagafix.co.uk> wrote:
>> On 06/10/11 20:39, Michal Suchanek wrote:
>>
>> Hello,
>>
>> I would like to check this out but how do I tell this actually works?
>>
>> I use this patch for using Xorg as an "Xdummy" server, like so:
>> /usr/local/bin/Xorg +extension GLX +extension RandR +extension Render
>> -logfile $HOME/log -config $HOME/xorg.conf'
>> My "Xdummy" xorg.conf can be found here:
>> http://xpra.org/src/Xdummy/xorg.conf
>>
> I tried to build a Debian X server package with this patch.
>
> I can run Xorg directly with these arguments but not through the X
> suid wrapper Debian uses.
That's the idea.. It is meant to continue to prevent non-root users from
using the suid wrapper to load arbitrary modules, config files or write
to user-specified log files.
> Still I cannot run X server with these arguments when I use su to log
> in as root.
Well, then this is an unintended problem.
I suspect this is a consequence of using the euid/guid/ruid checks that
Alan suggested here:
http://www.mail-archive.com/xorg-devel@lists.x.org/msg25259.html
Maybe those checks are a little too stringent for sudo/su vs suid wrappers?
> Since Debian and Ubuntu ship with root login disabled it disables
> these arguments for root entirely which does not sound desirable.
Definitely - I'm looking into it now, thanks for pointing that out!
Antoine
> Thanks
> Michal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x.org/archives/xorg-devel/attachments/20111007/f566eb34/attachment.html>
More information about the xorg-devel
mailing list