Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

Matthieu Herrb matthieu.herrb at laas.fr
Sun Jul 11 10:55:36 PDT 2004


Roland Mainz wrote:
> Sean Middleditch wrote:
> [snip]
> 
>>Third, speaking of root, do you really want all that complex code in
>>such a process?  The more code you have, the more potential bugs and
>>security holes.
> 
> 
> This is _ONLY_ a problem of the Linux Xserver. Solaris and other Unices
> run their Xserver under plain user accounts. IMHO there should be
> _urgendly_ some work on removing the requirement of running the Xserver
> as "root". Things like a seperate group (e.g. "X11", "Xserver") +
> setting ACLs on the neccesary /dev entries comes in mind... or turning
> the drivers into kernel modules (AFAIK Solaris Xsun does it that way).
> 

This cannot be changed without requiring the exising systems to be 
upgraded to a kernel that doesn't require root to access to the hardware 
(I/O ports and /dev/mem). I don't know for linux, but for *BSD it's not 
just a matter of permissions on /dev entries.

Giving away these permissions to a specific uid or group also may have 
some unforseen effects, I'm not sure.

Root privileges are currently also used to create the log file in 
/var/log. This needs to be addressed too (use syslog ?)

The privilege separation code and the systrace poolicy I developped for 
the XFree86 server on OpenBSD (see 
<ftp://ftp.laas.fr/pub/ii/matthieu/xf86-sec.pdf>) is interesting in 
showing were root privileges are actually used in XFree86.
-- 
					Matthieu




More information about the xorg mailing list