On Wed, Dec 12 2018 09:18:45 +0100, Matthieu Herrb wrote:
> > diff --git a/xserver/hw/xfree86/common/xf86Init.c
> > b/xserver/hw/xfree86/common/xf86Init.c
> > index 2a04da045..b814eb412 100644
> > --- a/xserver/hw/xfree86/common/xf86Init.c
> > +++ b/xserver/hw/xfree86/common/xf86Init.c
> > @@ -967,9 +967,13 @@ OsVendorInit(void)
> > #endif
> > #endif
> > #if defined(X_PRIVSEP)
> > - if (!beenHere && !xf86KeepPriv && geteuid() == 0) {
> > - xf86PrivilegedInit();
> > - xf86DropPriv();
> > + if (!beenHere) {
> > + if(!xf86KeepPriv && geteuid() == 0) {
> > + xf86PrivilegedInit();
> > + xf86DropPriv();
> > + } else {
> > + xf86OpenConsole();
> > + }
> > }
> > #endif
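Review bot: the new else branch in OsVendorInit() is reached not only when geteuid() != 0 but also when xf86KeepPriv is set while running as root, so xf86OpenConsole() is now called on a path that previously did nothing here. If only the unprivileged case is meant, make that explicit with `else if (geteuid() != 0)`, and add a comment explaining why the console has to be opened at this point. Style: `if(!xf86KeepPriv` is missing the space after `if` that the enclosing `if (!beenHere)` uses.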
>
> This shouldn't be needed (and wasn't when I did my own tests with
> running X without root). With startx you can re-use the virtual
> console from which X was started, there won't be any other process
> (like getty(8)) fighting with the X server for input.
>
> What was the issue that prompted you to make this change?
The console was not opened otherwise if euid==0 (xf86OpenConsole is only
called from xf86PrivilegedInit), and I saw some ioctl's on fd -1 as a
result in ktrace.
> > Finally, there's a check in drm_drv.c that only allows superuser to
> > become a master on /dev/drm0 and fails the open for other users. I
> > removed the superuser check; filesystem permissions should prevent
> > anyone except the user logging in on ttyC0 from accessing this device
> > anyway. I haven't studied what exactly being the master allows here and
> > if there's possible privilege escalation hiding there; my reading of
> > drm_do_ioctl is that ioctls marked DRM_ROOT_ONLY will still fail, so I
> > admit I don't really know what the check was there for...
> >
> > Still, this allows running X without any user processes as root (and
> > unbreaks xinit/startx) - is there any potential here? :)
>
> Yes. We don't want to do that. Mark has some plans to implement the
> proper solution here.
ok, thanks. It was worth a shot anyway :)
> Also note that this will only work for the modesetting
> driver. Unfortunately, even the other KMS based drivers (intel and
> radeon) still need more work to run without some root privileges.
true, I did not test other drivers.
> And older drivers (non AMD/intel cards) will stop working completely.
I don't see how that follows. This change *relaxes* the requirements for
becoming master on /dev/drm0 (they no longer have to be root), how would
that cause those older drivers to stop working?
--
Lauri Tirkkonen | lotheac @ IRCnet