Announcement

Collapse
No announcement yet.

X.Org Server Now Runs Without Root On OpenBSD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • X.Org Server Now Runs Without Root On OpenBSD

    Phoronix: X.Org Server Now Runs Without Root On OpenBSD

    The OpenBSD operating system now supports running its X.Org Server without root permissions for better security...

    http://www.phoronix.com/vr.php?view=MTYxMjg

  • #2
    I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

    One could make an exception for those using nvidia or fglrx and make that run as root.

    Comment


    • #3
      Originally posted by Rexilion View Post
      I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?
      yes, every now and then someone proclaimed "rootless X works now!".

      but then again (gentoo)
      Code:
      ~> ps aux | grep X
      root      2052  4.1  0.9 202528 72644 tty7     Ssl+ Feb15 502:03 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/...

      Comment


      • #4
        It's explained here: https://wiki.ubuntu.com/X/Rootless

        It mostly comes down to /dev/input/* handling. On single user, one could chown and chmod your way out. You need to do this for the VT as well but that is not a problem. Furthermore, it would require some UDEV handling for plugging in/out devices causing nodes in /dev/input to disappear or reappear.

        I might make this a project for my parents laptop and PC. Looks doable, interesting and beneficial.

        I might consider creating a privileged user for X and let the default user piggyback on it (setgid might do this) as reported in the wiki. The only thing that would result from an exploit in X would allow one to snoop keyboard/mouse data. But that also the case right now.

        Comment


        • #5
          Weird 5 minute rule, anyways:

          EDIT: I'm also concerned about external monitor handling. If I plug in the TV with a D-sub cable, will that still work? Are these part of the DRM ioctls? Who knows...

          Comment


          • #6
            Linux

            Great!

            I wish Linux would have this too.

            One can hope that FreeBSD, NetBSD and DragonFly BSD ports this from OpenBSD.

            Comment


            • #7
              No good reasons to use OpenBSD as a desktop

              Having tried to use OpenBSD as a desktop lately, I've come to the point where I don't see any good reasons to use it for that purpose.
              If anyone think differently, please do explain.

              * Getting any modern X environment up and running is a huge chore compared to other free unix-like systems.
              * Basically zero X applications are packaged for the OS.
              * It is SLOW, especially X and SMP performance is terrible.
              * Its hardware support is lacking.

              I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...

              Comment


              • #8
                Originally posted by Rexilion View Post
                I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

                One could make an exception for those using nvidia or fglrx and make that run as root.
                https://fedoraproject.org/wiki/Chang...houtRootRights

                Comment


                • #9
                  Thanks! But I think it might take a while before this will hit Arch. I'll certainly keep an eye on this.

                  Comment


                  • #10
                    Originally posted by chrisq View Post
                    Having tried to use OpenBSD as a desktop lately, I've come to the point where I don't see any good reasons to use it for that purpose.
                    If anyone think differently, please do explain.

                    * Getting any modern X environment up and running is a huge chore compared to other free unix-like systems.
                    * Basically zero X applications are packaged for the OS.
                    * It is SLOW, especially X and SMP performance is terrible.
                    * Its hardware support is lacking.

                    I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...
                    I'm running OpenBSD as my default desktop OS at home for some time now and I find it a breeze of fresh are compared to the linux world in terms of consistency and ease of use.

                    * Getting X up and running is just a matter of saying you want to run X in the installer and enabling xdm (or install another dm later on).
                    * The default applications are just the onces bundled with the OS and make sure they are licensed in accordance with the OpenBSD standard, the codebase is up to the OpenBSD standards (these guys are major clean code advocates). To install extra software you need to set your PKG_PATH environment variable to <mirror.tld>/pub/OpenBSD/`uname -r`/packages/`uname -m` where <mirror.tld> is one of http://www.openbsd.org/ftp.html and where uname -r can be replaced with snapshots if you're following -current (development branch). To search packages do pkg_info -Q <keyword> and to install do pkg_add <package-name>.
                    * It is true that it is slower then most linux systems. This is because they still (mostly) work via the biglock system and because they don't do quick hacks just to speed up things.
                    * Everything I use is supported. But I do agree that some peripherals aren't fully supported. To name the major ones: 802.11n, bluetooth and xHCI.

                    If you are truely willing to give OpenBSD a shot I recommend you use it for a couple of weeks and enjoy their great documentation (either via man-pages or http://www.openbsd.org/faq/). An inconsitency or something missing in the documentation is considered a bug. Also joining the mailing lists can help you a great deal (http://www.openbsd.org/mail.html).

                    And if you're looking for an easy to set up gnome environment you can give http://undeadly.org/cgi?action=artic...20140219085851 a shot.

                    Comment


                    • #11
                      Originally posted by Rexilion View Post
                      Thanks! But I think it might take a while before this will hit Arch. I'll certainly keep an eye on this.
                      hopefully, i'll never see it. i'd rather get wayland

                      Comment


                      • #12
                        Originally posted by justmy2cents View Post
                        hopefully, i'll never see it. i'd rather get wayland
                        I'll wait another 3 years before most of the bugs are ironed out once a compositor is released. At this rate, who knows when we'll see a day to day use version?

                        Comment


                        • #13
                          Originally posted by uid313
                          I wish Linux would have this too.
                          Ever hear of Wayland and Weston?

                          Originally posted by chrisq
                          I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...
                          There are none. You are far better off installing something else which will likely be far more useful.
                          Last edited by endman; 03-01-2014, 04:37 PM.

                          Comment


                          • #14
                            Originally posted by endman View Post
                            Ever hear of Wayland and Weston?
                            You'll be waiting a while yet for them to be functional replacements for X11.

                            There are none. You are far better off installing something else which will likely be far more useful.
                            He can simply install GNOME 3 or KDE, XFce, whatever suits him- and then work from there.

                            Comment


                            • #15
                              Originally posted by phoronix View Post
                              Phoronix: X.Org Server Now Runs Without Root On OpenBSD

                              The OpenBSD operating system now supports running its X.Org Server without root permissions for better security...

                              http://www.phoronix.com/vr.php?view=MTYxMjg

                              Thanks for article, this is definitely good news

                              Comment

                              Working...
                              X