Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: X.Org Server 1.16, Rootless X Now Available For Arch Linux

  1. #11
    Join Date
    Jul 2013
    Posts
    433

    Default

    Quote Originally Posted by jacob View Post
    Sorry, I'm confused as to the meaning of "rootless X": does it mean that X runs as an unprivileged process, or that it does not manage the whole screen?
    runs under an normal user (instead of "root")

  2. #12
    Join Date
    Feb 2014
    Posts
    29

    Default

    I'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.

  3. #13
    Join Date
    Jan 2014
    Posts
    240

    Default

    Quote Originally Posted by Tom B View Post
    I'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.
    Care to explain what the security risk is? AFAIK the biggest X threat is via the network transparency protocols. The ordinary user hardly can interfere with root owned X11 process?

  4. #14
    Join Date
    Feb 2014
    Posts
    29

    Default

    Simply put, anything which exploits any part of the X server is running as a process with root privileges. It breaks the principle of least privilege, although likely difficult to exploit it's almost certainly not impossible. Any software that communicates with X could potentially exploit part of it and get root privileges, now it's unlikely but given the common sense approach of "don't run stuff as root", running X as root has always been a bit of an oversight.

  5. #15
    Join Date
    Oct 2008
    Posts
    3,212

    Default

    Quote Originally Posted by Tom B View Post
    I'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.
    It was pretty much impossible before they moved the hardware management code out of X and into the kernel. Which has taken a long time to get working.

  6. #16
    Join Date
    Jul 2013
    Posts
    76

    Default

    Should this prevent X taking down the whole system? I've always had an issue where X crashes, the whole system becomes unresponsive, forcing a manual power down.

  7. #17
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    5,277

    Default

    No, not running as root won't affect its ability to bring down your system.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •