Announcement

Collapse
No announcement yet.

X.Org Server Now Runs Without Root On OpenBSD

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • X.Org Server Now Runs Without Root On OpenBSD

    Phoronix: X.Org Server Now Runs Without Root On OpenBSD

    The OpenBSD operating system now supports running its X.Org Server without root permissions for better security...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

    One could make an exception for those using nvidia or fglrx and make that run as root.

    Comment


    • #3
      Originally posted by Rexilion View Post
      I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?
      yes, every now and then someone proclaimed "rootless X works now!".

      but then again (gentoo)
      Code:
      ~> ps aux | grep X
      root      2052  4.1  0.9 202528 72644 tty7     Ssl+ Feb15 502:03 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/...

      Comment


      • #4
        It's explained here: https://wiki.ubuntu.com/X/Rootless

        It mostly comes down to /dev/input/* handling. On single user, one could chown and chmod your way out. You need to do this for the VT as well but that is not a problem. Furthermore, it would require some UDEV handling for plugging in/out devices causing nodes in /dev/input to disappear or reappear.

        I might make this a project for my parents laptop and PC. Looks doable, interesting and beneficial.

        I might consider creating a privileged user for X and let the default user piggyback on it (setgid might do this) as reported in the wiki. The only thing that would result from an exploit in X would allow one to snoop keyboard/mouse data. But that also the case right now.

        Comment


        • #5
          Weird 5 minute rule, anyways:

          EDIT: I'm also concerned about external monitor handling. If I plug in the TV with a D-sub cable, will that still work? Are these part of the DRM ioctls? Who knows...

          Comment


          • #6
            Linux

            Great!

            I wish Linux would have this too.

            One can hope that FreeBSD, NetBSD and DragonFly BSD ports this from OpenBSD.

            Comment


            • #7
              No good reasons to use OpenBSD as a desktop

              Having tried to use OpenBSD as a desktop lately, I've come to the point where I don't see any good reasons to use it for that purpose.
              If anyone think differently, please do explain.

              * Getting any modern X environment up and running is a huge chore compared to other free unix-like systems.
              * Basically zero X applications are packaged for the OS.
              * It is SLOW, especially X and SMP performance is terrible.
              * Its hardware support is lacking.

              I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...

              Comment


              • #8
                Originally posted by Rexilion View Post
                I still wonder why Linux is not doing this for their KMS drivers. Everything is there, right?

                One could make an exception for those using nvidia or fglrx and make that run as root.

                Comment


                • #9
                  Thanks! But I think it might take a while before this will hit Arch. I'll certainly keep an eye on this.

                  Comment


                  • #10
                    Originally posted by chrisq View Post
                    Having tried to use OpenBSD as a desktop lately, I've come to the point where I don't see any good reasons to use it for that purpose.
                    If anyone think differently, please do explain.

                    * Getting any modern X environment up and running is a huge chore compared to other free unix-like systems.
                    * Basically zero X applications are packaged for the OS.
                    * It is SLOW, especially X and SMP performance is terrible.
                    * Its hardware support is lacking.

                    I still have it installed, so any great ideas of how to make it a decent desktop OS is appreciated, but I'm not holding my breath...
                    I'm running OpenBSD as my default desktop OS at home for some time now and I find it a breeze of fresh are compared to the linux world in terms of consistency and ease of use.

                    * Getting X up and running is just a matter of saying you want to run X in the installer and enabling xdm (or install another dm later on).
                    * The default applications are just the onces bundled with the OS and make sure they are licensed in accordance with the OpenBSD standard, the codebase is up to the OpenBSD standards (these guys are major clean code advocates). To install extra software you need to set your PKG_PATH environment variable to <mirror.tld>/pub/OpenBSD/`uname -r`/packages/`uname -m` where <mirror.tld> is one of http://www.openbsd.org/ftp.html and where uname -r can be replaced with snapshots if you're following -current (development branch). To search packages do pkg_info -Q <keyword> and to install do pkg_add <package-name>.
                    * It is true that it is slower then most linux systems. This is because they still (mostly) work via the biglock system and because they don't do quick hacks just to speed up things.
                    * Everything I use is supported. But I do agree that some peripherals aren't fully supported. To name the major ones: 802.11n, bluetooth and xHCI.

                    If you are truely willing to give OpenBSD a shot I recommend you use it for a couple of weeks and enjoy their great documentation (either via man-pages or http://www.openbsd.org/faq/). An inconsitency or something missing in the documentation is considered a bug. Also joining the mailing lists can help you a great deal (http://www.openbsd.org/mail.html).

                    And if you're looking for an easy to set up gnome environment you can give http://undeadly.org/cgi?action=artic...20140219085851 a shot.

                    Comment

                    Working...
                    X