Announcement

Collapse
No announcement yet.

X.Org Server 1.16, Rootless X Now Available For Arch Linux

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • X.Org Server 1.16, Rootless X Now Available For Arch Linux

    Phoronix: X.Org Server 1.16, Rootless X Now Available For Arch Linux

    This week X.Org Server 1.16 was promoted for Arch Linux with a number of end-user changes as a result...

    http://www.phoronix.com/vr.php?view=MTc1NDU

  • #2
    Running X *not* through a login manager (display manager?) also does not make X root-less here. But eh, at least itís still working.

    Comment


    • #3
      Originally posted by stqn View Post
      Running X *not* through a login manager (display manager?) also does not make X root-less here. But eh, at least itís still working.
      It also doesn't work with proprietary drivers.

      Comment


      • #4
        Originally posted by Teho View Post
        It also doesn't work with proprietary drivers.
        Ah, maybe thatís why, Iím using the nvidia blob. Thanks!

        Comment


        • #5
          Actually 1.16 landed in [extra] last monday. It also looks like DRI3 has been reenabled. I can't find the disable-dri3.patch in the package sources anymore. It was fixed upstream with this patch.

          https://bugs.freedesktop.org/show_bug.cgi?id=81551

          Rootless X works only with open source drivers and when using startx. Support in other login managers is still to come.
          Last edited by blackout23; 08-03-2014, 12:04 PM.

          Comment


          • #6
            It was seamless for me. I've been using autologin on tty with startx instead of a display manager, I updated a few days ago and it worked out of the box on radeonsi and intel.

            Comment


            • #7
              It is still disabled for intel with "--disable-dri3".

              Comment


              • #8
                Originally posted by startzz View Post
                It is still disabled for intel with "--disable-dri3".
                Maybe they should just ship the patch that was made instead.

                Comment


                • #9
                  Looks like latest intel-dri in testing has --enable-dri3
                  https://projects.archlinux.org/svnto...=packages/mesa

                  Comment


                  • #10
                    Rootless?

                    Sorry, I'm confused as to the meaning of "rootless X": does it mean that X runs as an unprivileged process, or that it does not manage the whole screen?

                    Comment


                    • #11
                      Originally posted by jacob View Post
                      Sorry, I'm confused as to the meaning of "rootless X": does it mean that X runs as an unprivileged process, or that it does not manage the whole screen?
                      runs under an normal user (instead of "root")

                      Comment


                      • #12
                        I'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.

                        Comment


                        • #13
                          Originally posted by Tom B View Post
                          I'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.
                          Care to explain what the security risk is? AFAIK the biggest X threat is via the network transparency protocols. The ordinary user hardly can interfere with root owned X11 process?

                          Comment


                          • #14
                            Simply put, anything which exploits any part of the X server is running as a process with root privileges. It breaks the principle of least privilege, although likely difficult to exploit it's almost certainly not impossible. Any software that communicates with X could potentially exploit part of it and get root privileges, now it's unlikely but given the common sense approach of "don't run stuff as root", running X as root has always been a bit of an oversight.

                            Comment


                            • #15
                              Originally posted by Tom B View Post
                              I'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.
                              It was pretty much impossible before they moved the hardware management code out of X and into the kernel. Which has taken a long time to get working.

                              Comment

                              Working...
                              X