Ubuntu Nearing X Server Not Running As Root
Posted by Michael Larabel on June 25, 2010
Based upon a recent email to the X.Org developers' mailing list, Canonical is nearing the point of one of their goals for Ubuntu 10.10 of a rootless X Server, or being able to run the X.Org Server without root privileges.
All that's left to accomplish within the Ubuntu land according to Canonical's Christopher James Rogers is working out a /dev/backlight device interface that udev would set the appropriate permissions on for the user. The /proc/mtrr may also need to be handled too, but Rogers doesn't believe any of the drivers (at least the main KMS drivers) are using this interface. With all of the necessary prerequisites addressed, when starting the X Server they will have a check to see if kernel mode-setting is being used, if /dev/backlight exists, and if /dev/input/* has appropriate user permissions. If all conditions are true, the X.Org Server would not be run as the root user, which leads to better security. Of course, this feat has already been achieved by other Linux distributions such as Moblin and now MeeGo.
This would largely help out those with the open-source ATI, Intel, and Nouveau drivers that use kernel mode-setting while those using non-KMS drivers, including the binary drivers from ATI and NVIDIA, would still be running their X Server as root.
The mailing list thread discussing this can be found on xorg-devel. There is also the Maverick blueprint discussing this likely feature of Ubuntu 10.10. Other details can also be found on the Ubuntu Wiki.
All that's left to accomplish within the Ubuntu land according to Canonical's Christopher James Rogers is working out a /dev/backlight device interface that udev would set the appropriate permissions on for the user. The /proc/mtrr may also need to be handled too, but Rogers doesn't believe any of the drivers (at least the main KMS drivers) are using this interface. With all of the necessary prerequisites addressed, when starting the X Server they will have a check to see if kernel mode-setting is being used, if /dev/backlight exists, and if /dev/input/* has appropriate user permissions. If all conditions are true, the X.Org Server would not be run as the root user, which leads to better security. Of course, this feat has already been achieved by other Linux distributions such as Moblin and now MeeGo.
This would largely help out those with the open-source ATI, Intel, and Nouveau drivers that use kernel mode-setting while those using non-KMS drivers, including the binary drivers from ATI and NVIDIA, would still be running their X Server as root.
The mailing list thread discussing this can be found on xorg-devel. There is also the Maverick blueprint discussing this likely feature of Ubuntu 10.10. Other details can also be found on the Ubuntu Wiki.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).