On Sun, Jun 21, 2020 at 4:53 PM Philip Webb <purs...@ca.inter.net> wrote:
> 200621 Piotr Karbowski wrote:
> > Title: xorg-server dropping default suid
> ...
> > The Gentoo X11 Team is announcing that starting with 15th of July,
> > the x11-base/xorg-server will no longer default to suid
> > and will default to using logind interface instead.  This change
> > makes xorg-server run as regular user rather than root by default,
> > however those who do not have any logind interface provider
> > -- either systemd or elogind -- will need to enable either
> > to make it possible to run X session as unprivileged user.
> > No action is required from systemd and desktop profile users,
> > since systemd provides logind interface
> > and desktop profile already enables 'elogind' USE flag globally.
> > Rest of the non-systemd users is required to globally enable
> > 'elogind' USE flag and apply it by 'emerge --newuse @world',
> > after which, re-login is required so that PAM can allocate seat.
> > One can confirm that a seat has been assigned upon login by running:
> >     $ loginctl user-status
> > Those who for whatever reason want to preserve current state,
> > while heavily discouraged,
> > can still use x11-base/xorg-server with 'suid -elogind'.
> Gentoo Wiki says :
>   elogind is the systemd project's logind, extracted to a standalone package.
>   It's designed for users who prefer a non-systemd init system,
>   but still want to use popular software such as KDE/Wayland or GNOME
>   that otherwise hard-depends on systemd.
>   startx integration : To have an elogind session created
>   when using startx to start the X server (instead of a display manager),
>   add the following to the user's ~/.xinitrc file : FILE ~/.xinitrc
>    exec dbus-launch --exit-with-session <WINDOW_MANAGER>
>   WINDOW_MANAGER in the above example needs to be replaced
>   by a window manager or a single application.
> I want to use 'startx' to start X , because I don't want to be trapped
> if some problem arises with X or KDE or the login manager
> & I need to change config files or remerge pkgs (etc) to rescue myself.
> With 'startx' I can do all that work from raw TTYs with no problems,
> as I am not forced to go into an X session if I don't want to.

Thank you for actually participating in the discussion, unlike the
last thread about this topic.

> I don't want to use 'systemd', as I want to run a traditional UNIX version
> of Linux + KDE (or Fluxbox) for a simple single-user desktop system.
> Why is running 'xorg-server' as root "heavily discouraged" ?
> -- I've been doing that with Gentoo for  > 16 yr  without any problems.
> AFAIK there are no problems re exploits via I/net browsers,
> which are started by my user as all such user software always is.
> What might go wrong, if I continue to 'startx'
> with 'xorg-server' merged with 'suid -elogind'
> & without the '.xinitrc' line show above in the Wiki ?

For the majority of users (those that use a graphics driver with
kernel modesetting support), X only needs root access for a small set
of things: accessing the DRM device node, accessing the input device
nodes, and some stuff around VTs. The rest of the time, X doesn't need
root access but still must run as root for those cases I mention.

With elogind, those bits are handled in a small daemon, and X no
longer needs to run as root. Most people find that to be valuable,
especially with the knowledge that there have been a number of
security vulnerabilities found that would allow arbitrary code
execution in the xserver over the years [1].

Our current default of USE=suid installs /usr/bin/Xorg with the setuid
bit set, allowing it to be run *as root* by any user. This enables
non-root users to execute startx, for example.

I appreciate that Gentoo users are a diverse bunch, to say the least.
This news item is about *defaults*. I'm happy to explain the value of
the new default to people who are genuinely curious but I have no
interest in trying to convince you or anyone else of anything.

You're free to keep the status quo with a single line in
/etc/portage/package.use. The people building and maintaining the
distro think that the new defaults are better defaults for the vast
majority of users, but again they're just defaults.


Reply via email to