[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root

On Mon, 6 Dec 1999, Ivan Popov wrote:

> > The X server itself has to be trusted, since it is installed by root,

> Not necessarily. It depends on the underlying technology.
> If the user e.g. owns the relevant device, Xserver may be run by the user.
> Think XGGI.

> In that case Xserver is definitely not trustable by any other user.

Which makes this a configuration error on the part of the system
administrator, and they've no one to blame but themselves when they type the
root password in and are bitten by it.

Right now, in most *standard* X server configurations, the X server can be
trusted because it needs root permission.

If you don't want to install the X server suid root, and you're using an X
server that uses a unix device, you can always create a special system user,
set the device up so that *only* that user can access it, and set the X
server suid to that user.

I don't see why you would want to give arbitrary users access to the
framebuffer device in the first place.

-Steve Langasek
postmodern programmer

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []