| 1 |
On Sun, Jun 21, 2020 at 4:53 PM Philip Webb <purslow@××××××××.net> wrote: |
| 2 |
> |
| 3 |
> 200621 Piotr Karbowski wrote: |
| 4 |
> > Title: xorg-server dropping default suid |
| 5 |
> ... |
| 6 |
> > The Gentoo X11 Team is announcing that starting with 15th of July, |
| 7 |
> > the x11-base/xorg-server will no longer default to suid |
| 8 |
> > and will default to using logind interface instead. This change |
| 9 |
> > makes xorg-server run as regular user rather than root by default, |
| 10 |
> > however those who do not have any logind interface provider |
| 11 |
> > -- either systemd or elogind -- will need to enable either |
| 12 |
> > to make it possible to run X session as unprivileged user. |
| 13 |
> > No action is required from systemd and desktop profile users, |
| 14 |
> > since systemd provides logind interface |
| 15 |
> > and desktop profile already enables 'elogind' USE flag globally. |
| 16 |
> > Rest of the non-systemd users is required to globally enable |
| 17 |
> > 'elogind' USE flag and apply it by 'emerge --newuse @world', |
| 18 |
> > after which, re-login is required so that PAM can allocate seat. |
| 19 |
> > One can confirm that a seat has been assigned upon login by running: |
| 20 |
> > $ loginctl user-status |
| 21 |
> > Those who for whatever reason want to preserve current state, |
| 22 |
> > while heavily discouraged, |
| 23 |
> > can still use x11-base/xorg-server with 'suid -elogind'. |
| 24 |
> |
| 25 |
> Gentoo Wiki says : |
| 26 |
> |
| 27 |
> elogind is the systemd project's logind, extracted to a standalone package. |
| 28 |
> It's designed for users who prefer a non-systemd init system, |
| 29 |
> but still want to use popular software such as KDE/Wayland or GNOME |
| 30 |
> that otherwise hard-depends on systemd. |
| 31 |
> |
| 32 |
> startx integration : To have an elogind session created |
| 33 |
> when using startx to start the X server (instead of a display manager), |
| 34 |
> add the following to the user's ~/.xinitrc file : FILE ~/.xinitrc |
| 35 |
> exec dbus-launch --exit-with-session <WINDOW_MANAGER> |
| 36 |
> WINDOW_MANAGER in the above example needs to be replaced |
| 37 |
> by a window manager or a single application. |
| 38 |
> |
| 39 |
> I want to use 'startx' to start X , because I don't want to be trapped |
| 40 |
> if some problem arises with X or KDE or the login manager |
| 41 |
> & I need to change config files or remerge pkgs (etc) to rescue myself. |
| 42 |
> With 'startx' I can do all that work from raw TTYs with no problems, |
| 43 |
> as I am not forced to go into an X session if I don't want to. |
| 44 |
|
| 45 |
Thank you for actually participating in the discussion, unlike the |
| 46 |
last thread about this topic. |
| 47 |
|
| 48 |
> I don't want to use 'systemd', as I want to run a traditional UNIX version |
| 49 |
> of Linux + KDE (or Fluxbox) for a simple single-user desktop system. |
| 50 |
> |
| 51 |
> Why is running 'xorg-server' as root "heavily discouraged" ? |
| 52 |
> -- I've been doing that with Gentoo for > 16 yr without any problems. |
| 53 |
> AFAIK there are no problems re exploits via I/net browsers, |
| 54 |
> which are started by my user as all such user software always is. |
| 55 |
> What might go wrong, if I continue to 'startx' |
| 56 |
> with 'xorg-server' merged with 'suid -elogind' |
| 57 |
> & without the '.xinitrc' line show above in the Wiki ? |
| 58 |
|
| 59 |
For the majority of users (those that use a graphics driver with |
| 60 |
kernel modesetting support), X only needs root access for a small set |
| 61 |
of things: accessing the DRM device node, accessing the input device |
| 62 |
nodes, and some stuff around VTs. The rest of the time, X doesn't need |
| 63 |
root access but still must run as root for those cases I mention. |
| 64 |
|
| 65 |
With elogind, those bits are handled in a small daemon, and X no |
| 66 |
longer needs to run as root. Most people find that to be valuable, |
| 67 |
especially with the knowledge that there have been a number of |
| 68 |
security vulnerabilities found that would allow arbitrary code |
| 69 |
execution in the xserver over the years [1]. |
| 70 |
|
| 71 |
Our current default of USE=suid installs /usr/bin/Xorg with the setuid |
| 72 |
bit set, allowing it to be run *as root* by any user. This enables |
| 73 |
non-root users to execute startx, for example. |
| 74 |
|
| 75 |
I appreciate that Gentoo users are a diverse bunch, to say the least. |
| 76 |
This news item is about *defaults*. I'm happy to explain the value of |
| 77 |
the new default to people who are genuinely curious but I have no |
| 78 |
interest in trying to convince you or anyone else of anything. |
| 79 |
|
| 80 |
You're free to keep the status quo with a single line in |
| 81 |
/etc/portage/package.use. The people building and maintaining the |
| 82 |
distro think that the new defaults are better defaults for the vast |
| 83 |
majority of users, but again they're just defaults. |
| 84 |
|
| 85 |
[1] https://www.cvedetails.com/vulnerability-list/vendor_id-88/product_id-8600/X.org-Xorg-server.html |
Archives