Gentoo Archives: gentoo-dev

From: Piotr Karbowski <slashbeast@g.o>
To: gentoo-dev@l.g.o, pr@g.o
Subject: [gentoo-dev] Re: News item: xorg-server dropping default suid
Date: Mon, 22 Jun 2020 21:27:17
Message-Id: 3e0b721a-fb4c-026a-9e98-4075a121025a@gentoo.org
In Reply to: [gentoo-dev] News item: xorg-server dropping default suid by Piotr Karbowski
1 Title: xorg-server dropping default suid
2 Author: Piotr Karbowski <slashbeast@g.o>
3 Posted: 2020-06-22
4 Revision: 2
5 News-Item-Format: 2.0
6 Display-If-Installed: x11-base/xorg-server
7
8 Starting 2020-07-15, x11-base/xorg-server will default to using the
9 logind interface instead of suid by default. resulting in better
10 security by default through running the server as a regular user instead
11 of root. However, this will require our users to use a logind provider
12 such as elogind or systemd. The systemd users and those who are not
13 using systemd but use desktop profiles can stop reading here, as they
14 already have a logind provider enabled.
15
16 Others, who have neither systemd or desktop profiles enabled will be
17 required to globally enable 'elogind' USE flag and update the system
18
19     # emerge --newuse @world
20
21 Afterwards, one will need to re-login, so the PAM can assign a seat. One
22 can confirm that a seat has been assigned upon login by running:
23
24     $ loginctl user-status
25
26 Users who do not wish to use logind interface or have rare hardware that
27 does not use KMS and because of that, require root privileges to
28 operate, can manually re-enable 'suid' and disable 'elogind' USE flags
29 in order to preserve the previous behavior. However, please note that
30 this is heavily discouraged to run X server as root due to security
31 reasons. The 'suid' USE flag will remain as optional opt-in for the need
32 of legacy hardware.

Attachments

File name MIME type
signature.asc application/pgp-signature