On Mon, 30 Oct 2017 18:56:02 +0100 Michal Suchanek <hramr...@gmail.com> wrote:
> On 30 October 2017 at 16:02, Pekka Paalanen <ppaala...@gmail.com> wrote:
> > On Mon, 30 Oct 2017 15:20:42 +0100
> > Emre Ucan <eu...@de.adit-jv.com> wrote:
> >
> >> weston does not need to be root.
> >> It requires adjusting ownership on the given tty device.
> >>
> >> If weston does not have proper rights, it will get
> >> an error at startup anyway.
> >>
> >> Signed-off-by: Emre Ucan <eu...@de.adit-jv.com>
> >> ---
> >> libweston/launcher-direct.c | 3 ---
> >> 1 file changed, 3 deletions(-)
> >>
> >> diff --git a/libweston/launcher-direct.c b/libweston/launcher-direct.c
> >> index a5d3ee5..b05d214 100644
> >> --- a/libweston/launcher-direct.c
> >> +++ b/libweston/launcher-direct.c
> >> @@ -276,9 +276,6 @@ launcher_direct_connect(struct weston_launcher **out, > >> struct weston_compositor * > >> { > >> struct launcher_direct *launcher; > >> > >> - if (geteuid() != 0) > >> - return -EINVAL; > >> - > >> launcher = zalloc(sizeof(*launcher)); > >> if (launcher == NULL) > >> return -ENOMEM;
> >
> > NAK, for the reasons explained in
> > https://lists.freedesktop.org/archives/wayland-devel/2017-October/035582.html
> >
> > To summarize, it's not only tty permissions but DRM and input devices
> > as well.
>
> DRM and input are supposed to be accessible by the console user on desktop systems.

Hi Michal,

thanks for your concern, but I believe the world has moved on. We have a much better model with an agent like logind now. That old approach had the inherent security issues which I assume have discouraged its use and encouraged looking for better alternatives.

> Ever heard of rootless X?

Yes. I believe it uses logind now.

> Any user on the console should be able to randomly decide to run a GUI
> server without any special privileges.

Presuming yes, then that is what logind or another agent like weston-launch allows. They also make it harder for you to shoot yourself in the foot by e.g. running two display servers on the same devices simultaneously.

> This can be set up by logind or it can be hardcoded by the
> administrator to a particular user. Whatever the case, just running the
> GUI server should work without issues when permissions are set up
> correctly.

It can be done by setting up user permissions. That does not mean it is the best available solution.
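Review bot: Removing the `if (geteuid() != 0) return -EINVAL;` guard at the top of launcher_direct_connect() drops the only point where the direct launcher refuses to proceed unprivileged, and nothing in the hunk replaces it; the commit message's "it will get an error at startup anyway" relies on a later device open() failing, which surfaces as an opaque DRM, input or tty error with no hint that the launcher was used outside its root-only, debugging-and-development purpose stated in this thread. If unprivileged use is really intended, the change should at least log a clear warning at this spot naming the device permissions it now depends on, and the commit message should explain how the tty, DRM and input permissions are expected to be arranged rather than mentioning only the tty.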
> > If you can run it as root you can run it as any user with sufficient > permissions. > > The security implications of different setups should be the concern of > the system administrator and not launcher-direct. I will still refuse to take in code that promotes bad practices where I see it. Enforcement in code is always more powerful than documentation saying one should not do this. Thanks, pq
_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel