
Bug#802544: Xorg.wrap move to xorg-legacy broke X startup (permissions)



On Thu, Oct 22, 2015 at 14:39:40 -0700, Scott Mcdermott wrote:

> Julien Cristau on 2015/10/22 +0200 @07:47:28:
> > > That would surely be a regression.  Debian went
> > > from a working X that dropped privileges, to a
> > > non-working X that can only be run as root.  Huh??
> >
> > No, Debian is going from an X server that always runs
> > as root to one that can run as unprivileged user in
> > most cases.  There was previously no dropping
> > privileges.
> 
> Ok, my mistake; I inferred from being able to "pkill X"
> successfully as ordinary user, that it was not running
> as root.  It turns out that while X runs with ruid=user
> (which allows kill(2) to work), it retains euid=0 still
> the whole time.  Thank you for your correction.
> 
> However, since I'm running KMS, I don't understand why
> root is needed (ignoring the tty permission issue -- I
> could easily make a group for this) in the first
> place?
> 
> I found three places which make me think this is both
> possible and was working at some point:
> 
> 1. I found a trivial patch[1] that was in both Ubuntu
>    and ChromeOS before, which added a '-nohwaccess'
>    flag to Xorg, which basically just no-oped
>    xf86EnableIOPorts, and it seemed to work fine for
>    people before...
> 
> 2. I also found a mailing list post[2] indicating that
>    Gentoo Hardened removed ioperm(2) and iopl(2) from
>    their kernel entirely and X still ran fine (with
>    KMS) once it was told to continue (ignore the
>    error).
> 
> 3. It looks like Xorg itself merged a fix[3][4] to
>    ignore hardware I/O port error, based on comments[5]
>    by keithp.
> 
> Why can't '-nohwaccess' flag be added to the X server
> (I'll handle device node permissions myself)?
> Alternatively, why not just have X drop privs via
> setreuid() after it does whatever it thinks it has to
> with the hardware?
> 
> Also, how does systemd-logind do this? It must have
> euid=0 itself do the iopl, unless there is some magic
> trick?
> 
> Please do not force me to install systemd.  I realize I
> can run the X server as root, but there seems to be a
> trivial way to make it so that those of us who don't
> use systemd (but still use Debian) don't have to run
> our X server as root either.
> 
The main problem logind solves for display servers (and which is
privileged) is access to input devices.  Something has to decide which
user session gets to read from which input devices.  That's logind's
job.  It's still privileged, but it's a lot less code than the whole X
server.  AIUI ChromeOS could get away without that because, being a
single-user system, it doesn't care about one user reading another
user's passwords.  You can still use this without systemd as pid 1 (why
one would want to keep sysvinit is beyond me, but whatever); you do need
logind though.

Cheers,
Julien
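
The ruid/euid distinction discussed in this thread can be read directly from the `Uid:` line of `/proc/<pid>/status` instead of being inferred from whether `pkill` succeeds. The following is an added example, not part of the original messages and not Debian or Xorg code; the sample status text and all function names are constructed for illustration.

```python
import os
import sys

# Constructed samples of /proc/<pid>/status content. The Uid line holds four
# fields: real, effective, saved set-user-ID, filesystem UID.
SAMPLE_SETUID_ROOT = "Name:\tXorg\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
SAMPLE_UNPRIVILEGED = "Name:\tXorg\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"
SAMPLE_SAVED_ROOT = "Name:\tXorg\nUid:\t1000\t1000\t0\t1000\nGid:\t1000\t1000\t1000\t1000\n"


def parse_uids(status_text):
    """Return (real, effective, saved, fs) UIDs from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            fields = line.split()[1:]
            if len(fields) != 4:
                raise ValueError("malformed Uid line: %r" % line)
            return tuple(int(f) for f in fields)
    raise ValueError("no Uid line found")


def can_signal(sender_ruid, sender_euid, target_ruid, target_suid):
    """kill(2) rule for a sender without CAP_KILL: its real or effective UID
    must equal the target's real or saved set-user-ID."""
    return bool({sender_ruid, sender_euid} & {target_ruid, target_suid})


def assess(status_text, user_uid):
    """Report privilege state of a process and whether user_uid can signal it."""
    ruid, euid, suid, _fsuid = parse_uids(status_text)
    return {
        "runs_as_root": euid == 0,                    # privileged right now
        "can_regain_root": euid != 0 and suid == 0,   # temporary drop only
        "user_can_signal": can_signal(user_uid, user_uid, ruid, suid),
    }


if __name__ == "__main__":
    # Usage: script.py [pid]; defaults to the script's own process.
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open("/proc/%s/status" % pid) as fh:
        print(assess(fh.read(), os.getuid()))
```

For the setuid-root sample, `user_can_signal` is true while `runs_as_root` is also true, which is the situation in which a successful `pkill` says nothing about the server's privileges.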
