Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

Jakub Piotr Cłapa loc at toya.net.pl
Wed Jul 14 09:55:03 PDT 2004


Alan Cox wrote:
> On Mer, 2004-07-14 at 16:45, Ralph Thomas wrote:
> 
>>Then you could have some daemon listen to "/dev/keyboard-special" for
>>ctrl+alt+delete or whatever and then issue the "Exclusive" ioctl and
>>do it's secret password and username stuff - once it had done that it
>>could issue the "NonExclusive" ioctl.
> 
> The current approach is actually simpler. If you enable SAK then when
> SAK is hit every process connected to that console is disconnected from
> it and generally dies. Init then spawns a new getty.
> 
> The only area this breaks down is with X because if you just kill off X
> bad stuff occurs right now. Once the mode handling support is in the
> kernel then when X dies the fb layer either directly or via a user mode
> helper run from hotplug will sort the mess out.

But there is a problem with a mallicious user killing a logged in session.

The exclusive keyboard would allow us to configure programs used for 
logging in (mingetty, xdm) and make sure no other processes can capture 
passwords. It seems secure to me and definitely more flexible than any 
builtin kernel login demons.

-- 
Regards,
Jakub Piotr Cłapa



More information about the xorg mailing list