On Fri, Jul 10, 2020 at 03:13:55PM +0300, Alexey Mishustin wrote:
> Fri, 10 Jul 2020 at 08:27, Walter Dnes <waltdnes@××××××××.org>:
>
> > 2) When building xorg-server I got a news item about the "suid" flag
> > soon no longer being default for xorg-server. I forced it manually on
> > my laptop and desktop. The other 3 options were...
> >
> > * systemd... no thanks.
> > * elogind... with PAM doing the authentication... no thanks. I've
> > tangled with PAM in the past once too often.
> > * some memory-heavy "desktop environment" on my 3-gigs-ram-laptop...
> > no thanks.
>
> There is a way to run rootless X without elogind:
>
> For Nouveau and Intel video cards except xorg modesetting driver:
> https://wiki.gentoo.org/wiki/Non_root_Xorg
>
> For AMD video cards and/or xorg modesetting driver:
> https://forums.gentoo.org/viewtopic-t-1092792-start-0.html
|
There was some debate on Gentoo-Dev regarding this a while ago ([1] is the
discussion, and [2] is the final announcement). It was suggested in [3] that
disabling `suid` is a step forward, as running X as root is an "anti-pattern",
which is probably correct for most cases. Nonetheless, as you do not want to use
any of the proposed alternatives (XDM or `startx` with systemd/elogind), just
re-enable `suid` and use X as it always has been used in the past, however
"anti-UNIX" that may be.
|
The other fundamental reason for this change was security. As described by Dale
in [4], from a user's perspective, it should be a reasonable expectation that
the defaults, especially for such a widely used package, are secure.
|
[1] https://archives.gentoo.org/gentoo-dev/message/58660319f295f643ae89946d49e0156e
[2] https://archives.gentoo.org/gentoo-dev/message/b44d49d7a92e01ce97338e9087ec9323
[3] https://archives.gentoo.org/gentoo-dev/message/6ce49ea52cbb9a1452e30d4b91f7b27c
[4] https://archives.gentoo.org/gentoo-dev/message/30b71b916288d028f0557c7c44891f82
|
--

Ashley Dixon
suugaku.co.uk

2A9A 4117
DA96 D18A
8A7B B0D2
A30E BF25
F290 A8AA