X security and suid
Jonathan Klay
Jonathan.Klay at noaa.gov
Wed May 17 16:41:54 PDT 2006
Thanks for the reply, Alan. It looks as though it might be impossible to
run a graphical workstation on Linux under this current Common Criteria
evaluation.
Here are some points from the config. manual (emphasis theirs).
--------------------------------------------------------------------------------------------------------------
Additional software packages MAY be installed as needed, provided that
they do not conflict with the security requirements. The security
requirements for additional software are:
- SUID root or SGID root programs MUST NOT be added to the system.
- The content, permissions, and ownership of all existing filesystem
  objects (including directories and device nodes) that are part of the
  evaluated configuration MUST NOT be modified. Files and directories MAY
  be added to existing directories provided that this does not violate
  any other requirement.
- Programs automatically launched with root privileges MUST NOT be added
  to the system. Exception: processes that immediately and permanently
  switch to a non-privileged identity on launch.
(etc.)
-------------------------------------------------------------------------------------------------------------
So that's why I considered xdm/gdm unusable. It seems like in the past
Xwrapper was used to start X then switch to a non-privileged user, but
it looks as if it is no longer used and maybe I misunderstand how it
worked as well.
Jon
Alan Cox wrote:
> On Mer, 2006-05-17 at 12:07 -0700, Jonathan Klay wrote:
>
>> can't run suid-root, and we really need X. I planned to have users use
>> "startx".
>>
>
> In which case X needs privileges.
>
>
>> I've googled all over, and tried removing suid and getting it to work,
>> with no luck. Has anybody configured this?
>>
>
> You can make X itself non setuid, but then it must be run by a root
> owned daemon. Red Hat normally uses gdm for this but xdm should work.
> Text mode consoles are still available by switching to a different
> console (Ctrl-alt-F1 etc)
>
> It is possible to configure X and the kernel setup you are using to run
> a framebuffer X server. This lacks any acceleration but may be
> preferable if you need more strict security models.
>
> Alan
>
>
--
Thanks,
Jonathan
Jonathan Klay <+> NOAA PMEL CNSD
System Administrator NOAA PMEL OERD
Newport, OR <+> (541) 867-0277
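
The first requirement quoted from the configuration manual above (no added SUID root or SGID root programs) can be checked mechanically against a baseline taken right after installing the evaluated configuration. This is an added example, not part of the original thread or of the evaluated configuration's documentation; the function names and the baseline path in the comments are assumptions.

```shell
#!/bin/sh
# Added example: detect SUID/SGID programs added after a baseline was taken.
# Hypothetical workflow (paths are placeholders, run as root):
#   list_priv / > /root/suid-sgid.baseline      # right after installation
#   added_since /root/suid-sgid.baseline /      # later, as a periodic audit

# list_priv DIR [UID] [GID]
# Print, sorted, every regular file under DIR that is setuid and owned by UID,
# or setgid and group-owned by GID. Both default to 0 (root), matching the
# "SUID root or SGID root" wording of the requirement.
list_priv() {
    dir=$1
    uid=${2:-0}
    gid=${3:-0}
    # -xdev keeps the scan on one filesystem; scan other mounts separately.
    find "$dir" -xdev -type f \
        \( \( -perm -4000 -user "$uid" \) -o \( -perm -2000 -group "$gid" \) \) \
        -print 2>/dev/null | LC_ALL=C sort
}

# added_since BASELINE DIR [UID] [GID]
# Print files that match now but are absent from BASELINE (which must be
# output of list_priv, so both sides share the same sort order).
added_since() {
    baseline=$1
    shift
    current=$(mktemp) || return 2
    list_priv "$@" > "$current"
    # comm -13 keeps only lines unique to the second file: the additions.
    LC_ALL=C comm -13 "$baseline" "$current"
    rm -f "$current"
}
```

Any path printed by added_since is a program that would violate the first requirement; an empty result means nothing matching was added since the baseline.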