Home_greyopenFATE - openSUSE feature tracking > #310622
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

Run xserver without root privileges

Feature state

openSUSE Distribution
Unconfirmed
openSUSE-11.4
Unconfirmed

Description

Now that we have KMS enabled in the distribution we are a step closer of being able to run the xserver with just user privileges, and thus making openSUSE more secure. About a year ago I read a blog post of a moblin developer stating that achieving this is not that hard, but I've yet to see another distro achieving it. Nevertheless I think we can start to think about it.

User benefit:

It all boils down to increase the security of openSUSE, as stated below.

Discussion


icons/user_comment.png B. W. wrote: (3 years ago)

I am thinking about the big variety of graphics chips supported by a modern X-server. e.g. I am currently writing this on VIA unichrome graphics. But I have no idea how many of those do not have KMS yet / would not work with a root-less xserver.

Once this question has a nice answer, moving towards a root-less xserver is probably a good option.

icons/user_comment.png T. Z. wrote: (3 years ago)

This is a very important point, because for example the proprietary NVIDIA driver doesn't support KMS.

icons/user_comment.png J. R. wrote: (3 years ago)

And probably never will (unless of course nvidia driver goes open source). Perhaps I should have added that we should provide a root-less xserver when possible.

icons/user_comment.png B. W. wrote: (3 years ago)

It is technically possible to start a process with root privileges and drop those as early as possible. e.g.
apache
does that after binding port80.

So optimal solution would be that xserver starts as root, figures out if it can work root-less and if possible drops privileges. This Improves security while maintaining compatibility. It also allows drivers to be upgraded to root-less operation when they are ready.

Last change: 2 years ago
Voting
Score: 16
  • Negative: 0
  • Neutral: 1
  • Positive: 16
Tags
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint