On 3/26/12, Alan Coopersmith <alan.coopersm...@oracle.com> wrote:
> On 03/26/12 09:07 PM, Jamey Sharp wrote:
>> Maybe I have it right this time: On Debian, there's no problem,
>> because /usr/bin/X is a trivial suid wrapper and /usr/bin/Xorg is not
>> installed suid. Solaris and other Unixes could take the same approach,
>> right?
>
> However, if the suid wrapper allows non-root users to specify arbitrary files
> to -config, then it's a dangerous security hole we can't allow (and since the
> Debian people aren't stupid, I assume it does not).  If it doesn't allow
> -config through, then I don't see how it would help here.

The key is to have a *non*-suid copy of the server available for those
who don't need root privs for their configuration. In that mode all
options can be processed without the server performing security
checks, and if you try to subvert system security the OS will stop
you.

Systems that still need to allow non-root users to run the server with
root privileges (hopefully a dwindling set over time) can either ship
a suid wrapper, or ship a second copy of the server that has the suid
bit set, whichever makes more sense to the packagers.

Jamey
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
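
An added example, not part of the thread or of the X.Org code base: the argument policy the messages above describe, written as a C function. The function name, the option list and the choice to refuse `-config` outright whenever real and effective uid differ are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Options that make the server open a caller-chosen file. Only -config is
 * named in the thread; a real policy would list every such option. */
static const char *const file_opts[] = { "-config" };

/* Return the index of the first argument that must be refused, or -1 if the
 * command line is acceptable. ruid/euid are parameters (not read from
 * getuid()/geteuid() here) so the policy can be exercised without a suid
 * binary. Hypothetical helper, not an X server function. */
int first_refused_arg(uid_t ruid, uid_t euid, int argc, char *const argv[])
{
    size_t n = sizeof file_opts / sizeof file_opts[0];

    /* Non-suid copy, or root itself: the process holds no privilege the
     * caller lacks, so kernel permission checks are the only gate needed. */
    if (ruid == euid)
        return -1;

    /* Real and effective uid differ: refuse every file-naming option. */
    for (int i = 1; i < argc; i++)
        for (size_t k = 0; k < n; k++)
            if (strcmp(argv[i], file_opts[k]) == 0)
                return i;
    return -1;
}

int main(int argc, char *argv[])
{
    int bad = first_refused_arg(getuid(), geteuid(), argc, argv);
    if (bad >= 0) {
        fprintf(stderr, "refusing %s: not permitted when running setuid\n", argv[bad]);
        return 1;
    }
    puts("arguments accepted; file access is left to OS permission checks");
    return 0;
}
```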
