User: Password:
|
|
Subscribe / Log in / New account

Where are the non-root X servers?

Where are the non-root X servers?

Posted Sep 9, 2010 6:41 UTC (Thu) by drag (subscriber, #31333)
In reply to: Where are the non-root X servers? by drag
Parent article: Where are the non-root X servers?

> To make it simple for administrators and users you just serve up input to whatever X session is active first.

That is, I mean, by default. You'll have it configurable for multi-seat, multi-user setups.


(Log in to post comments)

Where are the non-root X servers?

Posted Sep 9, 2010 6:55 UTC (Thu) by rvfh (subscriber, #31018) [Link]

Are you not just going from 'one X server running as root' to 'one input server running as root'? It does mitigate the problem I suppose, and maybe it's the only way (apart from revoke()), but does it solve it?

Where are the non-root X servers?

Posted Sep 9, 2010 13:02 UTC (Thu) by foom (subscriber, #14868) [Link]

Yes. You have to privileged code handling input, either living in the kernel or in a privileged process. It's possible to write secure code, it's just very hard when you have as much code as the X server does (or...for that matter, the linux kernel, but that's a different issue). If you put the input server in a separate privileged process, you have to secure a lot less code, so the problem becomes feasible.

And note that it doesn't actually have to run as root, just as a priv user.

Where are the non-root X servers?

Posted Sep 9, 2010 23:45 UTC (Thu) by martinfick (subscriber, #4455) [Link]

Additionally, this code would not likely be exposed to nearly the huge attack base that the current X server is exposed to. It would likely only be exposed to the proxied data, and perhaps to some user switching input code, but that is surely a greatly reduced attack vector than the current model.

Where are the non-root X servers?

Posted Sep 13, 2010 21:30 UTC (Mon) by oak (guest, #2786) [Link]

And even that attack surface is reduced if that input daemon doesn't proxy the input, but only tells X which input device to use and on "hot seat" arrangements takes care of switching access rights on the input devices so that only the active X server can access given device at any given time...?


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds