> Date: Thu, 06 Mar 2014 13:51:45 +0100
> From: Hans de Goede <[email protected]>
>
> Hi Mark,
>
> On 03/06/2014 01:23 PM, Mark Kettenis wrote:
>
> <snip>
>
> > Oh dear, the wrapper script is back!
> >
> > Before you go further down this road, may I point out the privilege
> > separation support that we've had in xenocara (Xorg for OpenBSD) for
> > years now? As Ilja van Sprundel says, "Xorg guys should steal that
> > code!" ;).
> >
> > Our Xorg binary is still setuid, but dropping the setuid bit isn't a
> > problem in itself.
>
> Ideally it would not be suid at all, but agreed that that is not the
> biggest problem.
>
> > What you care about is dropping as many access
> > rights as possible, and being setuid you might actually be able to
> > drop more of them.
>
> That sounds like nonsense to me, unless your APIs are broken somewhere
> you should be able to drop capabilities / whatever just as well as a regular
> user. Root should only ever be required to gain rights, never to drop
> them.

Well, I'm thinking about things like changing to a "nobody" user or
doing a chroot(2). Things you might want to do to prevent giving the
X server access to a user's files.
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
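
The two steps named in the reply above, chroot(2) and switching to an unprivileged user, written out as an added example (not part of this thread and not xenocara's code). The jail path "/" and the id 65534 are constructed sample values; drop_privileges(), try_drop() and the DROP_* codes are names introduced here.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_DENIED = 1, DROP_REVERSIBLE = 2 };

/* Confine the calling process to `jail` and switch to uid/gid.
 * Each step needs root, so the order matters: filesystem first, then
 * groups, then gid, and uid last (after setuid() the others would fail). */
static int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0)  /* chdir: no cwd left outside the jail */
        return -1;
    if (setgroups(1, &gid) != 0)               /* discard root's supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)  /* as root: real, effective and saved ids */
        return -1;
    return 0;
}

/* Run the drop in a child so the caller is unaffected; report the outcome. */
static int try_drop(const char *jail, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(jail, uid, gid) != 0)
            _exit(DROP_DENIED);                /* e.g. EPERM when not started as root */
        /* The drop only counts if root cannot be regained afterwards. */
        _exit(setuid(0) == 0 ? DROP_REVERSIBLE : DROP_OK);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample values: "/" as the jail, 65534 as the "nobody" id. */
    int r = try_drop("/", 65534, 65534);
    printf("euid=%d result=%d\n", (int)geteuid(), r);
    return 0;
}
```

Started without root, the child reports DROP_DENIED because chroot(2) is refused; started as root, it reports DROP_OK once the later setuid(0) is rejected.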
