1 |
On Tue, May 26, 2020 at 4:12 AM Haelwenn (lanodan) Monnier |
2 |
<contact@×××××××××.me> wrote: |
3 |
> |
4 |
> [2020-05-25 23:41:23+0200] Piotr Karbowski: |
5 |
> > There are 3 common ways the xorg-server is started: |
6 |
> > |
7 |
> > - via XDM of some sort, usually forked as root, does not require suid, |
8 |
> > systemd or elogind. |
9 |
> |
10 |
> Launching X as root and having it be suid is quite the same thing… |
11 |
> |
12 |
|
13 |
Sort-of. An SUID X binary is a potential source of vulnerabilities |
14 |
even if you never run it, since it is still sitting there and ready to |
15 |
be exploited by somebody else. It also gives a user more control over |
16 |
how X is launched as root (command lines/control over stdin/out, etc). |
17 |
When X is launched as root by something the user doesn't control it |
18 |
reduces the attack surface somewhat. And if you never launch X11 at |
19 |
all it is just another unprivileged binary that can't do anything the |
20 |
user can't already do with system calls. |
21 |
|
22 |
In any case, setting suid on any binary is something that should only |
23 |
be done if there is no other practical solution. It certainly seems |
24 |
like this shouldn't be the default, especially if it is available for |
25 |
users to toggle if they wish. We can always put out a news item when |
26 |
this changes. If elogind is already enabled by default on a profile, |
27 |
then it doesn't make sense to ship X11 suid with that same profile |
28 |
when it isn't necessary. If a user wants to depart from the default |
29 |
config to not use elogind then they can just change the USE flag on |
30 |
xorg as well. |
31 |
|
32 |
-- |
33 |
Rich |