Ubuntu Working Towards A Rootless X Server


  • #31
    So why is X as non-root a good thing? What problem does this solve?



    • #32
      You can use it for some mobile devices, the same as Moblin began to use last year or so. Since then you have to +s the X binary if you want to start Moblin in Vbox with GUI... I do not fully get what U wants to achieve, they could use it for just a few devices or they have a suid switcher in the initrd.



      • #33
        Originally posted by joehillen
        So why is X as non-root a good thing? What problem does this solve?
        X or any program running as root presents a higher security risk. If there is a security vulnerability in X, it has a high impact as a result. If X was running as a regular user, the impact could be much less.

        It also helps improve the robustness of X by preventing it from doing things it shouldn't be doing and having well defined interfaces for the actions that it does require.



        • #34
          Actually what Kano said contains the more precise bit of information towards the answer.
          Setuid root programs are pretty much a curse since they change the effective uid of the user to root for a while before dropping root privileges. If there's a vulnerability in the program, some malicious user could gain root privileges through running it. So it's not as much the "does the program run as root or not" but "does the user temporarily get a privilege elevation or not".



          • #35
            (of course, since X used root privileges for hardware handling like modesetting, the user process might not be able to drop root privileges as effectively as some server daemon that uses root for just setting itself up, then changes to an unprivileged user)



            • #36
              Originally posted by Draconx
              In the top 20 results, fully seven of them are Michael Larabel using the redefined term in his articles, which is one person, not "most". Collapsing those, we get mostly results about X servers without their own root windows, in the context of Cygwin, Mac OS X, Xephyr/Xnest and DirectFB.
              Just get over it.


              First Off:

              * Cygwin does not have any X Windows capabilities. You're probably thinking of X/Cygwin or Xming which provide an X Server for Windows.
              * Mac OS X's X Server is called 'XDarwin'
              * DirectFB is an alternative display mechanism and has nothing to do with X Windows. It's how you can get accelerated graphics on Linux without using X at all.


              Furthermore:

              Xephyr (and Xnest etc etc) do actually have ROOT WINDOWS.

              What makes them different from Xfree (your default X Server) is that they are X Servers while also being X Clients themselves. Remember that: They are X Clients AND X Servers at the same time. Xfree is an X Server only.

              AND:

              The 'Root Window' is commonly called 'The Background'.

              Applications like Nautilus or XScreensaver can take over the root window and display things in there. Window managers like Fluxbox will respond to clicks and movements in the root window. You can use display tools like 'feh' to write out images to the root window so you can have pretty background images without using Nautilus or whatever.

              So ya... Xephyr is a Rootless X Server because it does not require root permissions to run:
              Code:
              $ ls -l `which Xephyr` 
              -rwxr-xr-x 1 root root 1854300 May  4 08:51 /usr/bin/Xephyr
              It still absolutely has a root window.
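
The check done by hand with `ls -l` in post #36, together with the effective-uid point from post #34, as an added example that is not part of any post in this thread: a POSIX shell audit that reports whether X server binaries on PATH carry the setuid bit and which real and effective uid a running server has. The binary names (X, Xorg, Xephyr, Xnest) and the reliance on `pgrep` and `/proc/<pid>/status` on Linux are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Binary names are assumptions.

# Print missing | not-setuid | setuid-root | setuid-uid-<n> for a file.
suid_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # ls -n prints the numeric owner in field 3; -L follows symlinks.
    owner=$(ls -ldnL -- "$f" | awk '{print $3}')
    if [ "$owner" -eq 0 ]; then
        echo setuid-root
    else
        echo "setuid-uid-$owner"
    fi
}

# Given a /proc/<pid>/status-style file, print "real=<r> effective=<e>".
# The Uid: line lists real, effective, saved and filesystem uid in that order.
proc_uids() {
    awk '$1 == "Uid:" { printf "real=%s effective=%s\n", $2, $3; exit }' "$1"
}

audit_x_servers() {
    # On-disk view: is the binary installed setuid root?
    for name in X Xorg Xephyr Xnest; do
        path=$(command -v "$name" 2>/dev/null) || continue
        printf '%s\t%s\n' "$(suid_status "$path")" "$path"
    done
    # Runtime view: a setuid-root server that has not dropped privileges
    # shows effective=0 with the real uid of the user who started it.
    for pid in $(pgrep -x 'Xorg|X' 2>/dev/null); do
        [ -r "/proc/$pid/status" ] &&
            printf '%s\tpid %s\n' "$(proc_uids "/proc/$pid/status")" "$pid"
    done
    return 0
}

audit_x_servers
```

A `setuid-root` line for the server binary, or `effective=0` for a server started by an ordinary user, is the configuration posts #33 to #35 describe as the higher-risk one.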



              • #37
                @drag
                Great explanation as always



                • #38
                  Originally posted by RahulSundaram
                  X or any program running as root presents a higher security risk. If there is a security vulnerability in X, it has a high impact as a result. If X was running as a regular user, the impact could be much less.

                  It also helps improve the robustness of X by preventing it from doing things it shouldn't be doing and having well defined interfaces for the actions that it does require.
                  Yes Yes Yes.


                  X Windows is a NETWORK PROTOCOL.

                  X Windows and HTTP are both network protocols.

                  Your X Server can display the output from X Clients using the X Windows protocol.
                  Your Web Browser can display Web pages from Web Server using HTTP protocol.


                  To put it all together:
                  X Server == Web Browser
                  Application GUI == Web Page
                  X Client == Web Server
                  X Windows Protocol == HTTP protocol.


                  When running your X Server with setuid root permissions it is on the same level as running Firefox as root user.

                  Except that it's worse... Your X Server, traditionally, needs to run as root because it has direct access to your system memory and hardware. This is because the userland drivers required for 2D acceleration needed to bypass the kernel and configure and talk directly to the hardware.

                  So.... To do X Windows (like you want to run X-based thin clients) you have this massive, buggy, and very complicated X Server that has direct access to both your hardware AND the external network AND is running with root permissions.


                  Even if you do not have X running on your network you still have all your X Clients (Firefox, Nautilus, Email clients, video games, Adobe Flash, etc etc etc) talking directly to your X Server using a very complex protocol over fast unix sockets (X Windows does not use TCP/IP on localhost).

                  So if there is any sort of security flaw with your X Server then a malicious Adobe Flash program will be able to execute code on your system using root permissions.

                  This is a VERY insecure design and causes all sorts of headaches and crashes and all sorts of other horrific crap that plague Linux users.

                  ----------------------------------------------


                  HOWEVER:

                  Not all benefits come from simply better security.

                  In order to get the X Server 'Rootless' there has been massive overhaul of the Linux graphics stack.

                  Now instead of XFree X Server being responsible for configuring and managing your hardware... it's been transformed into 'Just Another Graphics Program' for Linux.

                  Instead of being this special program and this special application that needs special privileges it simply becomes just one regular program that can access Linux hardware acceleration through graphics libraries and DRI2 protocols just like any other application.

                  This will help massively with stability (since X crashing won't cause your system to go tits-up), multiuser support, easier driver development, using display technologies other than X Windows, and all sorts of other things.



                  • #39
                    Originally posted by Apopas
                    @drag
                    Great explanation as always

                    Yeah. But I am only partially right. Hehe.

                    X/Cygwin can run as 'Rootless mode', which means that it has no root window. No background.

                    This means that it makes X applications look like they are running directly on the Microsoft Windows desktop.

                    Root is just one of those overused words.

                    'Root home directory' is usually '/root'
                    Root directory is '/'
                    Chroot allows you to create an environment with a different root directory.
                    Root user has 'uid 0'
                    Fakeroot will allow you to run an environment where applications think you're 'uid 0'

                    So on and so forth.

                    It just does not really benefit anybody to get all religious about terms like this. Root used in different contexts means different things and it has been for a long long time.



                    • #40
                      Originally posted by drag
                      This will help massively with stability (since X crashing won't cause your system to go tits-up), multiuser support, easier driver development, using display technologies other than X Windows, and all sorts of other things.
                      Actually it still can even with X with no root privs, depending on design of the other components. If I've understood properly, KMS for ATi cards could end up with a lockup before the GPU reset code was implemented. Then again, concentrating hardware access to one place was very likely to make it easier to attempt to improve recovery from problems.
