xserver: do we still need Fopen()
Alan Coopersmith
alan.coopersmith at oracle.com
Sat Feb 10 00:31:26 UTC 2024
On 2/8/24 04:25, Enrico Weigelt, metux IT consult wrote:
> On 08.02.24 00:19, Alan Coopersmith wrote:
>>>> If the Xserver is run as setuid root,
>>>
>>> On which platforms is that still the case ?
>>
>> Platforms which support users starting the Xserver directly
>> (startx/xinit/etc
>> instead of via systemd service or display manager) on devices without KMS
>> support.
>
> Okay, but which are those, exactly ? Are those still supported at all ?
As I said before, I know Solaris is one. I don't know which others.
> A comprehensive list of still supported platforms would be great.
For the Xserver, I believe the list of supported OS'es is:
- BSD, including, but not limited to, FreeBSD, NetBSD, & OpenBSD,
but not 386BSD or BSDi
- GNU Hurd
- Linux, but not Android
- MacOS, but not iOS/iPadOS/watchOS/etc.
- Solaris & illumos, but no longer OpenSolaris
- Windows, including CygWin and MinGW
which mostly matches the "X.Org OS ports" section of
https://gitlab.freedesktop.org/xorg/doc/xorg-docs/-/blob/master/MAINTAINERS
(the SCO bit in the maintainers file is out of date since xserver commit
f28e48834e40c7901c2ef in 2010, or since X11R7, depending on how you look
at it).
I don't know if anyone keeps track of minimum versions for any of these
either. As the Solaris maintainer, I only actively make sure it works
on Solaris 11.4 (released 2018), but have only actively removed support
for OS releases before Solaris 8 (released in 2000) - though I should
probably clean up some more now since meson doesn't support OS versions
that old.
Not all of the servers build on all OS'es - for instance XWin & XQuartz
are limited to Windows and MacOS respectively.
> Are you the Xserver maintainer for Solaris ?
I am one of them, I share the load with Niveditha Rau, who does most of
the work for packaging X in Solaris these days, while I do more of the
upstream work.
>>> And does it need to run as root all the time, instead of after opening
>>> some devices ?
>>
>> It needs to run as root when opening the devices (both at startup and
>> when VT switching back to the server from another VT).
>
> Does the device need to be re-opened (really another open()) call on VT
> switch, or would it be sufficient to do it once early and later drop
> privileges ?
Re-opened, since they're closed when we VT switch away. And when not using
KMS, there's also IOPL manipulation to deal with.
>> We've got a local mechanism in the Solaris packages that takes a message
>> from gdm at login time and setuid's to the user that just logged in,
>> since without it, the X server doesn't know what uid to setuid to when
>> using a display manager (gdm/xdm/etc.) to login, but that's never gone
>> upstream.
>
> Interesting, can you give us more detail ?
https://github.com/oracle/solaris-userland/blob/master/components/x11/xserver/xorg/sun-src/os/dtlogin.c
https://github.com/oracle/solaris-userland/blob/master/components/x11/xserver/xorg/patches/07-dtlogin-userinfo.patch
https://github.com/oracle/solaris-userland/blob/master/components/gnome/gdm/patches/0004-sdtlogin.patch
Presumably someone implementing it today would use Dbus instead of a
named pipe, but that didn't exist in 1995 when this was first created.
Alternatively, they'd just restart the X server as the new user after login
succeeds instead of just putting the user session on the same Xserver that
the login screen ran on, which is presumably what someone would need to do
for https://gitlab.freedesktop.org/xorg/xserver/-/issues/1632 .
> Would it be possible to incorparate some special logic for things like
> user-passed pathes (and permission checks)
I don't understand what you want to do there.
> Oh, BTW, just seen that on WIN32, Fopen #define'd to fopen(), thus no
> priv dropping at all. So can we assume the other targets
> HAS_SAVED_IDS_AND_SETUID ?
That's what I did in
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1266
I believe it was only pre-POSIX UNIX platforms that didn't support it,
and we've not supported any of those in the Xserver since at least the
time of the Imake->autoconf conversion in 2005 for X11R7.0, but they
definitely existed when the X server was created in the mid-80's.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
More information about the xorg-devel
mailing list