Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Xorg setuid
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
8086
n00b
n00b


Joined: 12 Dec 2007
Posts: 52

PostPosted: Sun Dec 23, 2007 7:12 pm    Post subject: Xorg setuid Reply with quote

I was going through the list of SUID binaries on my system and noticed Xorg. Now, this binary being SUID has seemed very natural to me all these years I've been using Linux, but today it hit me: why does Xorg have to be SUID? I'm looking for technical details, but I'm too lazy to actually read the source.
Back to top
View user's profile Send private message
bunder
Bodhisattva
Bodhisattva


Joined: 10 Apr 2004
Posts: 5923

PostPosted: Sun Dec 23, 2007 7:17 pm    Post subject: Reply with quote

I believe it has something to do with using a login manager, but it could also be for direct hardware access to the video card/inputs, and again I could be waaay off. :lol:

Moved from Off the Wall to Networking & Security.
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017
Back to top
View user's profile Send private message
8086
n00b
n00b


Joined: 12 Dec 2007
Posts: 52

PostPosted: Sun Dec 23, 2007 7:19 pm    Post subject: Reply with quote

I don't know if it's about the login manager, par example I don't use a login manager. I suppose hardware access is the cause, but I'm looking for details.

Sorry for postin in "off the wall" (as that seems to have been incorrect), I just thought this is more of a "General Linux" than Gentoo-specific kind of thing.
Back to top
View user's profile Send private message
tSp
Apprentice
Apprentice


Joined: 19 Jan 2004
Posts: 214
Location: Maysville, KY

PostPosted: Sun Feb 03, 2008 1:56 pm    Post subject: Reply with quote

Answering this just so it doesn't go unanswered completely but I wondered this myself some time ago and found this answer (I believe it is still correct today):

Copied and pasted this from http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/x.html#XFREE86-ROOT
Quote:
Q.
Before, I was able to run XFree86 as a regular user. Why does it now say that I must be root?

Quote:

A.
All X servers need to be run as root in order to get direct access to your video hardware. Older versions of XFree86 (<= 3.3.6) installed all bundled servers to be automatically run as root (setuid to root). This is obviously a security hazard because X servers are large, complicated programs. Newer versions of XFree86 do not install the servers setuid to root for just this reason.

Obviously, running an X server as the root user is not acceptable, nor a good idea security-wise. There are two ways to be able to use X as a regular user. The first is to use xdm or another display manager (e.g., kdm); the second is to use the Xwrapper.

xdm is a daemon that handles graphical logins. It is usually started at boot time, and is responsible for authenticating users and starting their sessions; it is essentially the graphical counterpart of getty(8) and login(1). For more information on xdm see the XFree86 documentation, and the the FAQ entry on it.

Xwrapper is the X server wrapper; it is a small utility to enable one to manually run an X server while maintaining reasonable safety. It performs some sanity checks on the command line arguments given, and if they pass, runs the appropriate X server. If you do not want to run a display manager for whatever reason, this is for you. If you have installed the complete ports collection, you can find the port in /usr/ports/x11/wrapper.


And, there is also a way to disable setuid on Xorg binary during install, or manually after install. The downside is that you can't manually start xorg server (startkde from a bash shell for example as a normal user) without using a login manager (xdm, kdm, gdm).
_________________
tSp
http://www.rhpstudios.com
http://www.xtremewebhosts.com
http://www.maysville-linux-users-group.org
http://www.edwiget.name

Registered Linux User #162711
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Mon May 25, 2015 6:39 pm    Post subject: Reply with quote

For completeness' sake:

https://wiki.gentoo.org/wiki/Non_root_Xorg
_________________
https://github.com/kernelOfTruth/ZFS-for-SystemRescueCD/tree/ZFS-for-SysRescCD-4.9.0
https://github.com/kernelOfTruth/pulseaudio-equalizer-ladspa

Hardcore Gentoo Linux user since 2004 :D
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum