On 2/5/24 06:41, Enrico Weigelt, metux IT consult wrote:
On 02.02.24 21:05, Alan Coopersmith wrote:
Hi,
I suspect for the OS'es that the xserver code builds on today, that
could be replaced by #ifndef WIN32, which would then allow the first
half of that #ifdef in Fopen to be deleted, leaving just the simpler
case, since Fopen is already not built for WIN32.
Does WIN32 still mean 32bit Windows or also more modern ones like
w10/w11 ?
I believe it's still defined for 64-bit Windows, as stated on
https://learn.microsoft.com/en-us/windows/win32/winprog64/additional-considerations
but I never code or build for Windows, so am not the best person to ask.
If the Xserver is run as setuid root,
On which platforms is that still the case ?
Platforms which support users starting the Xserver directly (startx/xinit/etc
instead of via systemd service or display manager) on devices without KMS
support.
I know Solaris is one, since that's the one I work on, but I believe
even some Linux distros still do this - for instance, see the Note about
the "suid" USE flag on https://wiki.gentoo.org/wiki/Xorg/Guide .
And does it need to run as root all the time, instead of after opening
some devices ?
It needs to run as root when opening the devices (both at startup and
when VT switching back to the server from another VT).
We've got a local mechanism in the Solaris packages that takes a message
from gdm at login time and setuid's to the user that just logged in,
since without it, the X server doesn't know what uid to setuid to when
using a display manager (gdm/xdm/etc.) to login, but that's never gone
upstream.
you don't want to let it read
files with root privs that are specified by a non-root user - that
way lies CVEs.
Yes, of course. But can't we just have an extra permission check ?
That would be more code and riskier to implement than the setuid method,
which just delegates to the kernel to be sure.
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
