Eric Anholt wrote (in a message from  13)
 > 
 > My todo list includes fixing this, probably by making 'X' be a script
 > that checks for Xwrapper-4  and otherwise runs XFree86.  I'm interested
 > in what other distributions have done about this.

In OpenBSD we've implemented a scheme where the X server does all the
initialisations that need root early during startup and then totally
removes its privileges. This considerably reduces the impact of the
setuid bit, since the amount of code that can abuse it is reduced to a
few hundred lines.

This works quite well but also has some problems (re-opening the mouse
device after a virtual terminal switch for instance). To solve them I'm
probably going to implement privilege separation (in the way Niels
Provos did it for OpenSSH) in the X Server. 

BTW, this discussion should move to devel@ shouldn't it? 

                                        Matthieu
_______________________________________________
XFree86 mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xfree86
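
The drop-after-initialisation pattern described in the message above, as an added example that is not part of the original message and is not OpenBSD's X server code. The function names are hypothetical and `/dev/null` stands in for a device that would need root to open.

```c
#define _DEFAULT_SOURCE          /* setgroups() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root. Returns 0 on success, -1 on failure.
 * Order matters: supplementary groups, then gid, then uid, because
 * once the uid is gone the process may no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {              /* "dropping" to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify rather than trust: every id must match, and root must be
     * unreachable through the saved set-user-ID. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

/* Open everything that needs root first, then drop. Descriptors opened
 * here stay usable; a root-only device cannot be reopened afterwards. */
int init_then_drop(const char *device_path, uid_t uid, gid_t gid)
{
    int fd = open(device_path, O_RDWR);   /* privileged phase */
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {
        close(fd);                        /* never continue half-dropped */
        return -1;
    }
    return fd;                            /* unprivileged from here on */
}

int main(void)
{
    return init_then_drop("/dev/null", getuid(), getgid()) < 0;
}
```
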