xserver: do we still need Fopen() ?

Enrico Weigelt, metux IT consult info at metux.net
Mon Feb 5 14:41:11 UTC 2024


On 02.02.24 21:05, Alan Coopersmith wrote:

Hi,

> I suspect for the OS'es that the xserver code builds on today, that
> could be replaced by #ifndef WIN32, which would then allow the first
> half of that #ifdef in Fopen to be deleted, leaving just the simpler
> case, since Fopen is already not built for WIN32.

Does WIN32 still mean 32bit Windows or also more modern ones like
w10/w11 ?

> If the Xserver is run as setuid root,

On which platforms is that still the case ?

And does it need to run as root all the time, instead of after opening
some devices ?

> you don't want to let it read
> files with root privs that are specified by a non-root user - that
> way lies CVEs.

Yes, of course. But can't we just have an extra permission check ?

> I could imagine adding a build flag to the server
> that said not to support running setuid, that would set a define
> that skipped this code and instead enabled code to check issetugid()
> on startup and instantly exit if it was true,

That seems indeed helpful also for alerting installations that still
do it even if not necessary anymore. Actually I'd enable it by default.

>> And is there still any need to run it as root at all ?
>
> Yes.  Not every OS the X server runs on has KMS support for every device.
> I don't know how to express that in a meson, autoconf, or #ifdef check
> though.

Add an explicit option for that ?


--mtx

--
---
Hinweis: unverschlüsselte E-Mails können leicht abgehört und manipuliert
werden ! Für eine vertrauliche Kommunikation senden Sie bitte ihren
GPG/PGP-Schlüssel zu.
---
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info at metux.net -- +49-151-27565287


More information about the xorg-devel mailing list