[PULL to discuss] Remove kdrive, Xnest, and Xvfb

Mark Kettenis mark.kettenis at xs4all.nl
Tue Mar 27 06:47:27 PDT 2012


> Date: Tue, 27 Mar 2012 06:03:03 -0700
> From: Jamey Sharp <jamey at minilop.net>
> 
> On 3/26/12, Alan Coopersmith <alan.coopersmith at oracle.com> wrote:
> > On 03/26/12 09:07 PM, Jamey Sharp wrote:
> >> Maybe I have it right this time: On Debian, there's no problem,
> >> because /usr/bin/X is a trivial suid wrapper and /usr/bin/Xorg is not
> >> installed suid. Solaris and other Unixes could take the same approach,
> >> right?
> >
> > However, if the suid wrapper allows non-root users to specify arbitrary files
> > to -config, then it's a dangerous security hole we can't allow (and since the
> > Debian people aren't stupid, I assume it does not).  If it doesn't allow
> > -config through, then I don't see how it would help here.
> 
> The key is to have a *non*-suid copy of the server available for those
> who don't need root privs for their configuration. In that mode all
> options can be processed without the server performing security
> checks, and if you try to subvert system security the OS will stop
> you.

This is based on the (false) assumption that a suid Xorg is making
things less secure.  It is perhaps somewhat non-intuitive, but a
suid-root binary can use its powers to drop privileges and become less
privileged than a normal user.  So a *non*-suid Xorg should not be a
goal in itself.
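
The permanent privilege drop referred to in the message above, as an added example that is not part of the original post and not X.Org code. `drop_privileges` is a hypothetical helper, and dropping to the invoking user's real ids in `main` is an assumption; a dedicated unprivileged account could be passed instead.

```c
/* Added example: permanent privilege drop for a setuid-root program. */
#define _DEFAULT_SOURCE /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to uid/gid.
 * Returns 0 on success, -1 on any failure. On -1 the caller must exit
 * instead of continuing with partially dropped privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 1. Supplementary groups first: only root may change them, so this
     *    must happen while the effective uid is still 0. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* 2. Group id before user id: once the uid is dropped we may no
     *    longer be allowed to change the gid. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. With euid 0, setuid() sets the real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -1;
    /* 4. Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* 5. Root must not be recoverable through a leftover saved uid. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* In a setuid-root binary, getuid()/getgid() report the invoking
     * user while geteuid() is 0 (assumption: drop to that user). */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```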


More information about the xorg-devel mailing list