Originally posted by jacob
View Post
Announcement
Collapse
No announcement yet.
X.Org Server 1.16, Rootless X Now Available For Arch Linux
Collapse
X
-
Originally posted by Tom B View PostI'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.
Comment
-
Simply put, anything which exploits any part of the X server is running as a process with root privileges. It breaks the principle of least privilege, although likely difficult to exploit it's almost certainly not impossible. Any software that communicates with X could potentially exploit part of it and get root privileges, now it's unlikely but given the common sense approach of "don't run stuff as root", running X as root has always been a bit of an oversight.
Comment
-
Originally posted by Tom B View PostI'm surprised this potential security hole wasn't fixed years ago. At least there's progress now, it'll be great when the drivers and login managers finally catch up.
Comment
Comment