SDTLOGIN interface
Alan Coopersmith
Alan.Coopersmith at Sun.COM
Mon Jun 2 19:04:51 PDT 2008
Edgar Toernig wrote:
> Alan Coopersmith wrote:
>> When the X server starts, it creates a named pipe (aka fifo) in a
>> directory writable only by root. The display manager opens the other
>> end of this pipe for writing. Once it's displayed the login screen
>> and authenticated a user, the display manager writes a series of
>> key value pairs over the pipe such as:
>>
>> UID="123" GID="10";
>> G_LIST_ID="1" G_LIST_ID="2" G_LIST_ID="3";
>> HOME="/home/bob" EOF="";
>>
>> Once it sees the EOF="" token, the Xserver closes the pipe and
>> processes the other pairs - approximately:
>> setregid(GID)
>> setgroups(G_LIST_ID list)
>> chown(server-auth-file, UID)
>> setreuid(UID)
>> chdir(HOME)
>
> What's the point in all this ... stuff?
>
> Why should the X-server run with the privileges of some
> arbitrary user? Why should it be able to read some
> user's mail, have access to its crontab etc? And what
> if that user happens to be root?
If that user happens to be root, then you're back where you
started - the X server was started as root, and without this,
runs as root the whole time.

The point of this then is to reduce privileges from root to
the user using the Xserver.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
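
Added example, not part of the original message and not X server code: a strict C parser for the key="value" message quoted above, followed by the privilege drop in the order the post lists. The names login_info, parse_login, drop_privs and MAX_GROUPS, and the buffer sizes, are assumptions made for illustration.

```c
#define _GNU_SOURCE /* glibc: declares setgroups() under strict -std= modes */
#include <grp.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Added example, not X server code; all names below are hypothetical. */
#define MAX_GROUPS 32
struct login_info {
    uid_t uid; gid_t gid, groups[MAX_GROUPS];
    int ngroups, have_uid, have_gid; char home[256];
};
/* Strict decimal id. (uid_t)-1 means "leave unchanged" to setreuid()/chown(),
 * so it is rejected: accepting it would silently keep root. */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (*s < '0' || *s > '9') return -1;
    *out = strtoul(s, &end, 10);
    return (*end == '\0' && *out < 0xFFFFFFFFUL) ? 0 : -1;
}

/* Returns 0 only if EOF="" is reached with UID and GID set; -1 otherwise. */
int parse_login(const char *p, struct login_info *li) {
    memset(li, 0, sizeof *li);
    for (;;) {
        char key[16], val[256]; unsigned long n;
        p += strspn(p, " \t\r\n;");
        size_t klen = strcspn(p, "=");
        if (p[klen] != '=' || p[klen + 1] != '"' || klen >= sizeof key) return -1;
        memcpy(key, p, klen); key[klen] = '\0'; p += klen + 2;
        size_t vlen = strcspn(p, "\"");
        if (p[vlen] != '"' || vlen >= sizeof val) return -1;
        memcpy(val, p, vlen); val[vlen] = '\0'; p += vlen + 1;
        if (!strcmp(key, "EOF")) return (!vlen && li->have_uid && li->have_gid) ? 0 : -1;
        if (!strcmp(key, "HOME")) { strcpy(li->home, val); continue; }
        if (parse_id(val, &n)) return -1;
        if (!strcmp(key, "UID")) { li->uid = n; li->have_uid = 1; }
        else if (!strcmp(key, "GID")) { li->gid = n; li->have_gid = 1; }
        else if (!strcmp(key, "G_LIST_ID") && li->ngroups < MAX_GROUPS)
            li->groups[li->ngroups++] = n;
        else return -1;
    }
}

/* Steps in the order the post lists them; every return value is checked. */
int drop_privs(const struct login_info *li, const char *authfile) {
    if (setregid(li->gid, li->gid) || setgroups(li->ngroups, li->groups) ||
        chown(authfile, li->uid, (gid_t)-1) || setreuid(li->uid, li->uid))
        return -1;
    return chdir(li->home);
}
```

drop_privs() can only succeed when the caller is still root; a caller should treat a -1 from either function as fatal rather than carry on with root privileges.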