Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: X.Org Server Now Runs Without Root On OpenBSD

  1. #1
    Join Date
    Jan 2007
    Posts
    15,378

    Default X.Org Server Now Runs Without Root On OpenBSD

    Phoronix: X.Org Server Now Runs Without Root On OpenBSD

    The OpenBSD operating system now supports running its X.Org Server without root permissions for better security...

    http://www.phoronix.com/vr.php?view=MTYxMjg

  2. #2
    Join Date
    Dec 2012
    Posts
    459

    Default

    I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

    One could make an exception for those using nvidia or fglrx and make that run as root.

  3. #3
    Join Date
    Nov 2008
    Posts
    780

    Default

    Quote Originally Posted by Rexilion View Post
    I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?
    yes, every now and then someone proclaimed "rootless X works now!".

    but then again (gentoo)
    Code:
    ~> ps aux | grep X
    root      2052  4.1  0.9 202528 72644 tty7     Ssl+ Feb15 502:03 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/...

  4. #4
    Join Date
    Dec 2012
    Posts
    459

    Default

    It's explained here: https://wiki.ubuntu.com/X/Rootless

    It mostly comes down to /dev/input/* handling. On single user, one could chown and chmod your way out. You need to do this for the VT as well but that is not a problem. Furthermore, it would require some UDEV handling for plugging in/out devices causing nodes in /dev/input to disappear or reappear.

    I might make this a project for my parents laptop and PC. Looks doable, interesting and beneficial.

    I might consider creating a privileged user for X and let the default user piggyback on it (setgid might do this) as reported in the wiki. The only thing that would result from an exploit in X would allow one to snoop keyboard/mouse data. But that also the case right now.

  5. #5
    Join Date
    Dec 2012
    Posts
    459

    Default

    Weird 5 minute rule, anyways:

    EDIT: I'm also concerned about external monitor handling. If I plug in the TV with a D-sub cable, will that still work? Are these part of the DRM ioctls? Who knows...

  6. #6
    Join Date
    Dec 2011
    Posts
    2,153

    Default Linux

    Great!

    I wish Linux would have this too.

    One can hope that FreeBSD, NetBSD and DragonFly BSD ports this from OpenBSD.

  7. #7
    Join Date
    Jan 2014
    Posts
    13

    Default No good reasons to use OpenBSD as a desktop

    Having tried to use OpenBSD as a desktop lately, I've come to the point where I don't see any good reasons to use it for that purpose.
    If anyone think differently, please do explain.

    * Getting any modern X environment up and running is a huge chore compared to other free unix-like systems.
    * Basically zero X applications are packaged for the OS.
    * It is SLOW, especially X and SMP performance is terrible.
    * Its hardware support is lacking.

    I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...

  8. #8

    Default

    Quote Originally Posted by Rexilion View Post
    I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

    One could make an exception for those using nvidia or fglrx and make that run as root.
    https://fedoraproject.org/wiki/Chang...houtRootRights

  9. #9
    Join Date
    Dec 2012
    Posts
    459

    Default

    Quote Originally Posted by RahulSundaram View Post
    Thanks! But I think it might take a while before this will hit Arch. I'll certainly keep an eye on this.

  10. #10

    Default

    Quote Originally Posted by chrisq View Post
    Having tried to use OpenBSD as a desktop lately, I've come to the point where I don't see any good reasons to use it for that purpose.
    If anyone think differently, please do explain.

    * Getting any modern X environment up and running is a huge chore compared to other free unix-like systems.
    * Basically zero X applications are packaged for the OS.
    * It is SLOW, especially X and SMP performance is terrible.
    * Its hardware support is lacking.

    I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...
    I'm running OpenBSD as my default desktop OS at home for some time now and I find it a breeze of fresh are compared to the linux world in terms of consistency and ease of use.

    * Getting X up and running is just a matter of saying you want to run X in the installer and enabling xdm (or install another dm later on).
    * The default applications are just the onces bundled with the OS and make sure they are licensed in accordance with the OpenBSD standard, the codebase is up to the OpenBSD standards (these guys are major clean code advocates). To install extra software you need to set your PKG_PATH environment variable to <mirror.tld>/pub/OpenBSD/`uname -r`/packages/`uname -m` where <mirror.tld> is one of http://www.openbsd.org/ftp.html and where uname -r can be replaced with snapshots if you're following -current (development branch). To search packages do pkg_info -Q <keyword> and to install do pkg_add <package-name>.
    * It is true that it is slower then most linux systems. This is because they still (mostly) work via the biglock system and because they don't do quick hacks just to speed up things.
    * Everything I use is supported. But I do agree that some peripherals aren't fully supported. To name the major ones: 802.11n, bluetooth and xHCI.

    If you are truely willing to give OpenBSD a shot I recommend you use it for a couple of weeks and enjoy their great documentation (either via man-pages or http://www.openbsd.org/faq/). An inconsitency or something missing in the documentation is considered a bug. Also joining the mailing lists can help you a great deal (http://www.openbsd.org/mail.html).

    And if you're looking for an easy to set up gnome environment you can give http://undeadly.org/cgi?action=artic...20140219085851 a shot.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •