Bug#802544: Xorg.wrap move to xorg-legacy broke X startup (permissions)
Package: xserver-xorg-legacy
Version: 2:1.17.2-3
Severity: grave
I recently did an upgrade of X, which broke it on my machine.
Here are old (working) and new (broken) versions that apt-get
installed, as shown in /var/log/apt/history.log:
xserver-xorg-core:amd64 (1.17.2-1.1, 1.17.2-3)
This upgrade has broken X startup for me. Here is how
I start X (as ordinary user):
exec setsid env -i \
LOGNAME=$LOGNAME \
USER=$USER \
HOME=$HOME \
PATH=$PATH \
EDITOR=$EDITOR \
DISPLAY=$DISPLAY \
SHELL=$SHELL \
TERM=$TERM \
LANG=$LANG \
X :0 vt63 \
-dpi 106 \
-nolisten tcp \
-noreset \
-keeptty \
-novtswitch
Then I run my window manager. This has worked for me
at least 10 years. I am using KMS (Intel i965GM):
$ fbset
mode "1024x768"
geometry 1024 768 1024 768 32
timings 0 0 0 0 0 0 0
accel true
rgba 8/16,8/8,8/0,0/0
endmode
$ dmesg | grep fbcon:
fbcon: inteldrmfb (fb0) is primary device
I have been able to run the X server (as an ordinary user)
using /usr/bin/X since modesetting was originally
implemented in the kernel.
Looking at the ChangeLog, I saw that /usr/bin/X was actually a
wrapper, which was moved to xserver-xorg-legacy. Ok then:
Install: xserver-xorg-legacy:amd64 (1.17.2-3)
Problem 1: after upgrade, permissions bad on device
/usr/lib/xorg/Xorg.wrap: (EE) xf86OpenConsole:
Cannot open virtual console 63 (Permission denied)
That didn't happen before. It's mode 0620 root:tty, and
I'm not in the tty group, so the wrapper must have opened
the terminal with escalated privs before the upgrade, but
not after. Note that I routinely "pkill X" to kill my
server -- as the ordinary user that started it -- so it
was definitely running without privs after initialization.
It must have done something while setuid, and then dropped
the privs.
My /etc/X11/Xwrapper.config contains the single line:
allowed_users=anybody
I changed /dev/tty63 to mode 0666 to move past this, but
then got a new problem.
Problem 2: after upgrade, IO ports operation not permitted:
X: xf86EnableIOPorts: failed to set IOPL for I/O
(Operation not permitted)
I tried invoking Xorg.wrap directly (to eliminate the new
shell script at /usr/bin/X) and also copying it into place as
/usr/bin/X, but neither works, same errors. I traced it to be
sure it was running the wrapper. Not clear to me why this is
broken, since the ChangeLog implies only that it moved to a
different package. But clearly the behavior is different now
and it actually works differently.
Note, X *does* start fine as root with the new package, but, I
don't want to run my X server as root, and didn't have to
before this upgrade.
Note, I used same kernel before and after: 4.1.0-2-amd64
Downgrade fixes it:
Commandline: apt-get install xserver-xorg-core=2:1.17.2-1.1
Downgrade: xserver-xorg-core:amd64 (1.17.2-3, 1.17.2-1.1)
Remove: xserver-xorg-legacy:amd64 (1.17.2-3),
xserver-xspice:amd64 (0.1.4-3),
xserver-xorg:amd64 (7.7+12)
Commandline: apt-get install xserver-xorg=1:7.7+9
Install: xserver-xorg:amd64 (7.7+9)
Note that I *do not* use systemd. Please don't tell me I have
to either use systemd, or run my X server as root. I didn't
have to do either before this upgrade.
Please advise; thanks.
Reply to: