| 1 |
On Fri, Jul 10, 2020 at 03:13:55PM +0300, Alexey Mishustin wrote: |
| 2 |
> пт, 10 июл. 2020 г. в 08:27, Walter Dnes <waltdnes@××××××××.org>: |
| 3 |
> |
| 4 |
> > 2) When building xorg-server I got a news item about the "suid" flag |
| 5 |
> > soon no longer being default for xorg-server. I forced it manually on |
| 6 |
> > my laptop and desktop. The other 3 options were... |
| 7 |
> > |
| 8 |
> > * systemd... no thanks. |
| 9 |
> > * elogind... with PAM doing the authentication... no thanks. I've |
| 10 |
> > tangled with PAM in the past once too often. |
| 11 |
> > * some memory-heavy "desktop environment" on my 3-gigs-ram-laptop... |
| 12 |
> > no thanks. |
| 13 |
> |
| 14 |
> There is a way to run rootless X without elogind: |
| 15 |
> |
| 16 |
> For Nouveau and Intel video cards except xorg modesetting driver: |
| 17 |
> https://wiki.gentoo.org/wiki/Non_root_Xorg |
| 18 |
> |
| 19 |
> For AMD video cards and/or xorg modesetting driver: |
| 20 |
> https://forums.gentoo.org/viewtopic-t-1092792-start-0.html |
| 21 |
|
| 22 |
There was some debate on Gentoo-Dev regarding this a while ago ([1] is the |
| 23 |
discussion, and [2] is the final announcement). It was suggested in [3] that |
| 24 |
disabling `suid` is a step forward, as running X as root is "anti-pattern", |
| 25 |
which is probably correct for most cases. Nonetheless, as you do not want to use |
| 26 |
any of the proposed alternatives (XDM or `startx` with systemd/elogind), just |
| 27 |
re-enable `suid` and use X as it always has been used in the past, however |
| 28 |
"anti-UNIX" that may be. |
| 29 |
|
| 30 |
The other fundamental reason for this change was security. As described by Dale |
| 31 |
in [4], from a user's perspective, it should be a reasonable expectation that |
| 32 |
the defaults, especially for such a widely used package, are secure. |
| 33 |
|
| 34 |
[1] https://archives.gentoo.org/gentoo-dev/message/58660319f295f643ae89946d49e0156e |
| 35 |
[2] https://archives.gentoo.org/gentoo-dev/message/b44d49d7a92e01ce97338e9087ec9323 |
| 36 |
[3] https://archives.gentoo.org/gentoo-dev/message/6ce49ea52cbb9a1452e30d4b91f7b27c |
| 37 |
[4] https://archives.gentoo.org/gentoo-dev/message/30b71b916288d028f0557c7c44891f82 |
| 38 |
|
| 39 |
-- |
| 40 |
|
| 41 |
Ashley Dixon |
| 42 |
suugaku.co.uk |
| 43 |
|
| 44 |
2A9A 4117 |
| 45 |
DA96 D18A |
| 46 |
8A7B B0D2 |
| 47 |
A30E BF25 |
| 48 |
F290 A8AA |
Archives