[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Xorg replaces TTY1

On 2015-11-27 09:09:37 -0500, The Wanderer wrote:
> On 2015-11-22 at 19:45, Brian wrote:
> > Quoting:
> > 
> >   There are 2 reasons for this change:
> > 
> >   1) It is needed to make Xorg run without root rights
> 
> Which has never been necessary before...
> 
> I can see why it would be desirable to make it possible to run (as
> opposed to launch) X under the UID of a non-root user, but IMO the
> tradeoff here is not worth it - or, rather, pushing that tradeoff on
> every user automatically (rather than leaving the existing behavior in
> place, and enabling each user to decide for him- or herself on the
> relative merits of the tradeoff) is not worth it.
> 
> (This also doesn't explain _why_ achieving that goal requires this
> change... and although I can guess, the details might still be helpful.)

Due to /dev/tty* permissions? But IMHO, a better and more secure fix
should have been something else. Since X is a client-server system,
I don't see why it would need all the privileges of the current user
(similarly a SUID root program can drop privileges when need be).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: