> Date: Tue, 27 Mar 2012 06:03:03 -0700
> From: Jamey Sharp <[email protected]>
>
> On 3/26/12, Alan Coopersmith <[email protected]> wrote:
> > On 03/26/12 09:07 PM, Jamey Sharp wrote:
> >> Maybe I have it right this time: On Debian, there's no problem,
> >> because /usr/bin/X is a trivial suid wrapper and /usr/bin/Xorg is not
> >> installed suid. Solaris and other Unixes could take the same approach,
> >> right?
> >
> > However, if the suid wrapper allows non-root users to specify arbitrary
> > files to -config, then it's a dangerous security hole we can't allow
> > (and since the Debian people aren't stupid, I assume it does not). If it
> > doesn't allow -config through, then I don't see how it would help here.
>
> The key is to have a *non*-suid copy of the server available for those
> who don't need root privs for their configuration. In that mode all
> options can be processed without the server performing security
> checks, and if you try to subvert system security the OS will stop
> you.

This is based on the (false) assumption that a suid Xorg is making things
less secure. It is perhaps somewhat non-intuitive, but a suid-root binary
can use its powers to drop privileges and become less privileged than a
normal user. So a *non*-suid Xorg should not be a goal in itself.

_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
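
The privilege drop mentioned in the reply above, sketched as an added example; it is not code from the X server or from this thread. The uid/gid 65534 used when the process starts with root is an assumed placeholder for a dedicated unprivileged account.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch the process to uid/gid. Returns 0 on success, -1 on error.
 * Order matters: supplementary groups and gid go first, while root still
 * permits changing them; the uid goes last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;              /* replace inherited supplementary groups */
    if (setgid(gid) != 0)
        return -1;              /* as root: sets real, effective and saved gid */
    if (setuid(uid) != 0)
        return -1;              /* as root: sets real, effective and saved uid */
    return 0;
}

/* Returns 1 only if no root identity remains and none can be regained.
 * A leftover saved uid of 0 would let seteuid(0) succeed, so try it. */
int privileges_are_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return 0;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Assumption: 65534 stands in for a dedicated unprivileged account.
     * Without root we can only "drop" to the IDs we already have. */
    int root = (geteuid() == 0);
    uid_t uid = root ? 65534 : getuid();
    gid_t gid = root ? 65534 : getgid();

    if (drop_privileges(uid, gid) != 0 || !privileges_are_dropped()) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```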
