non root X

Ben Boeckel MathStuf at gmail.com
Thu Aug 6 05:36:50 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave Airlie wrote:

> On Mon, 2009-08-03 at 15:08 +0530, Rahul Sundaram wrote:
>> Hi
>> 
>> A few days back I ran into
>> 
>> http://lists.x.org/archives/xorg-devel/2009-July/001293.html
>> 
>> I am wondering, since we are already using KMS in most places 
in Fedora,
>> how far are we from achieving this by default in a Fedora 
release?
> 
> non-root X is a big security hole at the moment, and until we 
get
> revoke() support in the kernel, we can probably move X to 
running as a
> special user, and maybe once we get revoke to running as the 
real user.
> 
> However it doesn't solve the issue how we know we need or 
don't need
> root since X only figures out what graphics drivers are needed 
after
> starting, so if you needed a non-kms gpu driver we wouldn't 
know
> until after we'd started as non-root.
> 
> Dave.
> 

Could permissions be raised temporarily? PolicyKit with 
(defaulted) auto-approve to load an appropriate driver?

- --Ben (not an X/PolicyKit/kernel hacker)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp6a/MACgkQiPi+MRHG3qS4LQCgisF3c37SJLn70JH8+IrAQ8tY
3GUAoL9joLSIWENC02z8tOq4c8fZijFB
=Sv5U
-----END PGP SIGNATURE-----





More information about the fedora-devel-list mailing list