On 9/29/11, Antoine Martin <[email protected]> wrote:
> OK, I've looked for at all the places that use getuid or getuid, and found:
> * os-support/* some checks for euid!=0 for console stuff / KeepTTY,
> which I have left alone
> * parser/write.c also left alone for now - I can look into it too if you
> want.

I still suspect that *all* such checks are wrong, but I don't mind
leaving them alone until somebody can demonstrate how they should
work.

> * common/xf86Init.c: ddxProcessArgument and ddxUseMsg patched, see
> attachment.
>
> With just this small patch and the correct xorg.conf as per below I can
> run "dummy" non-root without problems. Does it look acceptable?

I don't see anything wrong with it, so I'm happy to provide my

Reviewed-by: Jamey Sharp <[email protected]>

but since it's security-related I'd like to see somebody else review
it too before it gets merged.

Others will have an easier time reviewing and merging your patch if
you follow these guidelines:

http://wiki.x.org/wiki/Development/Documentation/SubmittingPatches

> The only other patch required to make this useful for non-root users is
> the one that allows for absolute config files I had posted earlier,
> otherwise I don't see how one can launch using custom config files as
> the "-config" option does not seem to honour the "-configdir" option.
> Obviously this would now need an extra euid!=uid check.
> Or am I missing something again?

Looks to me like all you need for this bit is to fix the getuid check
in xf86HandleConfigFile. The USER_CONFIGPATH lists both absolute and
relative paths as the first things it checks, and this also takes care
of -configdir. (But -configdir doesn't do what you think it does.)

>>> If that's all the issues you've had, I'm hoping that just fixing the
>>> stupid "am I root?" checks will take care of everything you need.
>>> Anything missing?
> I don't think so - works-for-me(tm)

Hooray!

> I guess distributors will then have to ship two copies of /usr/bin/Xorg,
> one that is suid-root and one that isn't? (until we can get rid of the
> suid one entirely, one day)

Amusingly, any user can get a non-suid copy of a suid binary. "cp"
will do. But I think adding a "-dropprivs" flag wouldn't be a terrible
plan. It should wait until we find out if distros actually have this
problem, though, especially since apparently it's hard to fully drop
privileges correctly and portably.

Jamey
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
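
The difference between an "am I root?" check and the euid!=uid check discussed in this message, as an added example that is not part of the original thread and is not X server code. All function names and the confined-path policy (relative, no ".." component) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* "Am I root?": looks at the real uid only (hypothetical helper). */
static bool legacy_is_root(uid_t ruid) { return ruid == 0; }

/* Elevated: the process holds an identity the invoking user does not,
 * as a setuid or setgid binary does. A non-suid copy is never elevated. */
static bool privs_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Assumed policy for elevated processes: relative path, no ".." component. */
static bool path_is_confined(const char *path)
{
    if (path[0] == '\0' || path[0] == '/')
        return false;
    for (const char *p = path; p != NULL; ) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p = slash ? slash + 1 : NULL;
    }
    return true;
}

/* Legacy gate: an unprivileged user running a non-suid copy is refused. */
static bool legacy_config_path_allowed(const char *path, uid_t ruid)
{
    return legacy_is_root(ruid) || path_is_confined(path);
}

/* Gate on elevation: restrict only when privileges exceed the caller's. */
static bool config_path_allowed(const char *path, bool elevated)
{
    return !elevated || path_is_confined(path);
}

int main(void)
{
    bool elevated = privs_elevated(getuid(), geteuid(), getgid(), getegid());
    const char *path = "/tmp/xorg.conf"; /* constructed sample path */
    printf("elevated=%d legacy=%d elevation-gated=%d\n", elevated,
           legacy_config_path_allowed(path, getuid()),
           config_path_allowed(path, elevated));
    return 0;
}
```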
