[PULL to discuss] Remove kdrive, Xnest, and Xvfb
Jamey Sharp
jamey at minilop.net
Tue Mar 27 06:03:03 PDT 2012
On 3/26/12, Alan Coopersmith <alan.coopersmith at oracle.com> wrote:
> On 03/26/12 09:07 PM, Jamey Sharp wrote:
>> Maybe I have it right this time: On Debian, there's no problem,
>> because /usr/bin/X is a trivial suid wrapper and /usr/bin/Xorg is not
>> installed suid. Solaris and other Unixes could take the same approach,
>> right?
>
> However, if the suid wrapper allows non-root users to specify arbitrary files
> to -config, then it's a dangerous security hole we can't allow (and since the
> Debian people aren't stupid, I assume it does not). If it doesn't allow
> -config through, then I don't see how it would help here.
The key is to have a *non*-suid copy of the server available for those
who don't need root privs for their configuration. In that mode all
options can be processed without the server performing security
checks, and if you try to subvert system security the OS will stop
you.
Systems that still need to allow non-root users to run the server with
root privileges (hopefully a dwindling set over time) can either ship
a suid wrapper, or ship a second copy of the server that has the suid
bit set, whichever makes more sense to the packagers.
Jamey
More information about the xorg-devel
mailing list