One of the benefits of moving the different graphics hardware drivers over to using kernel mode-setting
, an in-kernel GPU memory manager (whether it be GEM
), and other newer X innovations is the possibility of now running the X Server without root privileges. By doing so, this of course improves the security since this very large chunk of code is no longer running with all of these high-privileged rights.
Due to now living in a KMS-enabled world, at least on the Intel and ATI side (the NVIDIA side is still slowly but surely coming via Nouveau
), it's rather easy to get the X Server running without any special rights. Intel's Jesse Barnes explains on the X.Org mailing list
that only a small patch is needed for the X Server and then a trivial one to the Direct Rendering Manager in the kernel. Right now, however, the X Server patch is a bit "hackish", but he and other developers are currently collaborating on the best approach to implement this new capability.
It looks like we may be seeing root-less X Servers in the near future.