On Sat, Nov 7, 2015 at 2:43 AM, Mike Small <[email protected]> wrote: > On Fri, Nov 06, 2015 at 10:47:30PM -0500, Bill Bogstad wrote: >> On Fri, Nov 6, 2015 at 9:10 AM, Rich Pieri <[email protected]> wrote: >> > Tangentially, we've had genuinely unprivileged X servers for a long time. >> > VNC's standalone X servers do not require root and to the best of my >> > knowledge never have. Combined with DirectVNC, a Linux framebuffer VNC >> > client, and you can have X without root without systemd hackery. >> >> True. But I think most people want X servers that take advantages of >> all the graphics acceleration features in modern graphics cards. >> Those X servers have in my experience usually required running them as >> root. > > OpenBSD's privilege separated X uses acceleration though doesn't > yet support as many graphics chipsets as X on Linux. E.g. Nouveau > (for nvidia) hasn't made it over yet, but perhaps that will change > now that someone at NetBSD is working on it.
Interesting, maybe X Window System developers for Linux systems didn't care enough about the potential issues of privileged X servers to spend the time. That wouldn't be surprising. Most Linux users are probably going to buy their graphics hardware based on performance/support not security concerns so said developers would have little pressure to change their priorities. I confess that I haven't really thought about it myself. Given that I run Linux rather than OpenBSD, I've already made the decision to value something else more than ultimate security. Bill Bogstad _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
