1 |
On Sun, Jun 21, 2020 at 4:53 PM Philip Webb <purslow@××××××××.net> wrote: |
2 |
> |
3 |
> 200621 Piotr Karbowski wrote: |
4 |
> > Title: xorg-server dropping default suid |
5 |
> ... |
6 |
> > The Gentoo X11 Team is announcing that starting with 15th of July, |
7 |
> > the x11-base/xorg-server will no longer default to suid |
8 |
> > and will default to using logind interface instead. This change |
9 |
> > makes xorg-server run as regular user rather than root by default, |
10 |
> > however those who do not have any logind interface provider |
11 |
> > -- either systemd or elogind -- will need to enable either |
12 |
> > to make it possible to run X session as unprivileged user. |
13 |
> > No action is required from systemd and desktop profile users, |
14 |
> > since systemd provides logind interface |
15 |
> > and desktop profile already enables 'elogind' USE flag globally. |
16 |
> > Rest of the non-systemd users is required to globally enable |
17 |
> > 'elogind' USE flag and apply it by 'emerge --newuse @world', |
18 |
> > after which, re-login is required so that PAM can allocate seat. |
19 |
> > One can confirm that a seat has been assigned upon login by running: |
20 |
> > $ loginctl user-status |
21 |
> > Those who for whatever reason want to preserve current state, |
22 |
> > while heavily discouraged, |
23 |
> > can still use x11-base/xorg-server with 'suid -elogind'. |
24 |
> |
25 |
> Gentoo Wiki says : |
26 |
> |
27 |
> elogind is the systemd project's logind, extracted to a standalone package. |
28 |
> It's designed for users who prefer a non-systemd init system, |
29 |
> but still want to use popular software such as KDE/Wayland or GNOME |
30 |
> that otherwise hard-depends on systemd. |
31 |
> |
32 |
> startx integration : To have an elogind session created |
33 |
> when using startx to start the X server (instead of a display manager), |
34 |
> add the following to the user's ~/.xinitrc file : FILE ~/.xinitrc |
35 |
> exec dbus-launch --exit-with-session <WINDOW_MANAGER> |
36 |
> WINDOW_MANAGER in the above example needs to be replaced |
37 |
> by a window manager or a single application. |
38 |
> |
39 |
> I want to use 'startx' to start X , because I don't want to be trapped |
40 |
> if some problem arises with X or KDE or the login manager |
41 |
> & I need to change config files or remerge pkgs (etc) to rescue myself. |
42 |
> With 'startx' I can do all that work from raw TTYs with no problems, |
43 |
> as I am not forced to go into an X session if I don't want to. |
44 |
|
45 |
Thank you for actually participating in the discussion, unlike the |
46 |
last thread about this topic. |
47 |
|
48 |
> I don't want to use 'systemd', as I want to run a traditional UNIX version |
49 |
> of Linux + KDE (or Fluxbox) for a simple single-user desktop system. |
50 |
> |
51 |
> Why is running 'xorg-server' as root "heavily discouraged" ? |
52 |
> -- I've been doing that with Gentoo for > 16 yr without any problems. |
53 |
> AFAIK there are no problems re exploits via I/net browsers, |
54 |
> which are started by my user as all such user software always is. |
55 |
> What might go wrong, if I continue to 'startx' |
56 |
> with 'xorg-server' merged with 'suid -elogind' |
57 |
> & without the '.xinitrc' line show above in the Wiki ? |
58 |
|
59 |
For the majority of users (those that use a graphics driver with |
60 |
kernel modesetting support), X only needs root access for a small set |
61 |
of things: accessing the DRM device node, accessing the input device |
62 |
nodes, and some stuff around VTs. The rest of the time, X doesn't need |
63 |
root access but still must run as root for those cases I mention. |
64 |
|
65 |
With elogind, those bits are handled in a small daemon, and X no |
66 |
longer needs to run as root. Most people find that to be valuable, |
67 |
especially with the knowledge that there have been a number of |
68 |
security vulnerabilities found that would allow arbitrary code |
69 |
execution in the xserver over the years [1]. |
70 |
|
71 |
Our current default of USE=suid installs /usr/bin/Xorg with the setuid |
72 |
bit set, allowing it to be run *as root* by any user. This enables |
73 |
non-root users to execute startx, for example. |
74 |
|
75 |
I appreciate that Gentoo users are a diverse bunch, to say the least. |
76 |
This news item is about *defaults*. I'm happy to explain the value of |
77 |
the new default to people who are genuinely curious but I have no |
78 |
interest in trying to convince you or anyone else of anything. |
79 |
|
80 |
You're free to keep the status quo with a single line in |
81 |
/etc/portage/package.use. The people building and maintaining the |
82 |
distro think that the new defaults are better defaults for the vast |
83 |
majority of users, but again they're just defaults. |
84 |
|
85 |
[1] https://www.cvedetails.com/vulnerability-list/vendor_id-88/product_id-8600/X.org-Xorg-server.html |