Gary Winiger wrote:
>> When started via a display manager such as dtlogin or gdm, Xorg is started
>> as uid 0 by the display manager, and once the user logs in via the display
>> manager, it sets it's uid to the logged in user. (This is after initializing
>> the hardware, setting the IOPL and mapping /dev/xsvc, so uid 0 is no longer
>> needed at that point.)
>
> How about other "login" managers, like xdm and whatever KDE uses?
> Wouldn't it be better for the X server to know when it's done
> initializing and drop its privileges then?
That is the as-yet-unfinished TCA from PSARC 2004/187 (the original Xorg in
Solaris case):
2. The project team is advised to consider dropping unnecessary
privileges (especially fork and exec) through the facilities
provided by "Least Privilege for Solaris" (PSARC 2002/188).
It's still on the todo list when resources allow, though if we get xsvc
replaced with a more secure method of mapping frame buffers, may become
unnecessary. (Of course, the fork and exec privileges mentioned in the
TCA are two we know we have to keep after initialization, but there are
others we may be able to drop.)
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
