SDTLOGIN interface

Eamon Walsh ewalsh at tycho.nsa.gov
Thu May 29 18:34:17 PDT 2008


Dave Airlie wrote:
> On Fri, May 30, 2008 at 6:16 AM, Xavier Toth <txtoth at gmail.com> wrote:
>   
>> On Thu, May 29, 2008 at 3:04 PM, Alan Coopersmith
>> <Alan.Coopersmith at sun.com> wrote:
>>     
>>> Xavier Toth wrote:
>>>       
>>>> I saw something that implied that a version of this interface would be
>>>> working its way into X so that other OSs could take advantage of the
>>>> additional security offered by having gdm restart the X server as the
>>>> login user instead of root. Has anything happened regarding this
>>>> interface?
>>>>         
>>> Getting it ready to propose to X.Org is somewhere down on my todo list,
>>> for now it's sitting in our OpenSolaris/Solaris Xorg port as one of our
>>> platform specific patches.
>>>
>>> If there's interest in it, I can try to get to it sooner, but didn't know
>>> that anyone outside Sun cared.
>>>
>>> --
>>>        -Alan Coopersmith-           alan.coopersmith at sun.com
>>>         Sun Microsystems, Inc. - X Window System Engineering
>>>
>>>
>>>       
>> There is an ongoing discussion on the SELinux mailing list about X
>> policy development that has touched on the fact that the xserver is
>> run as root and not the logged in user. Eamon can probably second this
>> but I'd say everyone involved in the discussion thinks this would be a
>> good thing.
>>
>>     
>
>
> Running the X server as the user is in our upcoming plans for Fedora.
> There is a lot of things that need fixing before this can happen in
> the drivers.
>
> Getting X away from the hardware is quite a big step.
>   

Isn't the plan to start new X servers on different consoles?


-- 
Eamon Walsh <ewalsh at tycho.nsa.gov>
National Security Agency




More information about the xorg mailing list