Fix rootless xorg support

[jleclanche]

[10:48:14] <AnAkkk> after this change in the Xorg 1.16 arch package, SDDM no longer works correctly because at the time that X starts, it can't find the nvidia module https://bugs.archlinux.org/task/41259
[10:48:19] <AnAkkk> is that something we need to fix in sddm?
[10:48:44] <AnAkkk> I have to restart sddm with systemctl every time to make it work
[11:07:08] <AnAkkk> ok, actually it's related to the dkms systemd service + nvidia-dkms
[11:07:18] <AnAkkk> that I use to rebuild the nvidia module on kernel updates
[11:07:38] <AnAkkk> it seems to unload the nvidia module, X can't find it

[AnAkkk]

Ignore my messages, they actually fixed that in the archlinux xorg package, and they were unrelated to rootless xorg.
SDDM still needs support for that though, otherwise X is still ran as root.

[jleclanche]

Ok.

[bchretien]

👍 for rootless Xorg support (most Arch users would probably agree after the last Xorg update).

[jleclanche]

@plfiorini Was there any progress on this?

[tugit]

Debian testing allows running x without root, see https://www.phoronix.com/scan.php?page=news_item&px=Debian-Non-Root-X
I can start my Plasma 5 session by switching to a VT and type startx, then indeed X runs as the logged in user on the VT. When using sddm to login, X runs with root privileges.
Any progress ahead?

[xiangzhai]

oh yup #492

[tugit]

With major distributions supporting running x without root (fedora, arch, debian -> ubuntu) I consider it a security risk to run something as root when it does not have to.

Related discussion in case of lightdm: https://bugs.launchpad.net/lightdm/+bug/1292324

[jleclanche]

PRs welcome.

[plfiorini]

Let's try to do this for 0.14, we have ~2 months to do so.

[plfiorini]

Information:

• https://wiki.archlinux.org/index.php/Xorg
• https://fedoraproject.org/wiki/Changes/NonSetuidXorg
• https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights

[kugel-]

Is anyone working on this?

[plfiorini]

Not currently

[plfiorini]

@kugel- started working, see PR #673

[HunterGraubard]

I'd just like to chime in with my support for this feature. For me, SDDM is completely unusable without this, as running Xorg as root is entirely unacceptable for me due to the security implications. I hope this gets implemented quickly.

GDM has been able to do this for quite some time, and I believe it goes a step further by not just running Xorg with lower privileges, but also running most of its own code with lower privileges under a custom "gdm" user.

Thanks for your work.

[fabiscafe]

I'm also still waiting for rootless X with sddm.

[aufkrawall]

It's extremely disappointing that this is still open, please don't release 0.16 without it.

[jleclanche]

PRs welcome but this isnt exactly a blocking issue for minor releases.

[sten0]

Thank you for maintaining SDDM :-) Would it be possible to solve this by July 2018?

[liefswanson]

This isn't just theoretically a security risk... X can overwrite the passwords file by tricky use of log file location... I don't think it is worth it to have X running as root when this exploit is well known.

This should be bumped way up the priority list.

[aufkrawall]

Afair last two vulnerabilities were prevented by rootless xorg, SDDM puts users at unnecessary risk.

[StefanBruens]

Posting "me too" comments will not make it happen. On the contrary, it wastes developer time.

If you really need it, consider contracting someone who does the work. As said several times, PRs welcome!

[Rihannakitten]

PRs

#673

[bionade24]

How is the progress at the moment? What has to be done?

[devurandom]

Once you start X as user and want to get logind integration for it, you will need to pass it -keeptty.

See-Also: https://bugs.gentoo.org/603294

[yan12125]

Any updates? I tried the following two branches and neither works :/

• https://github.com/plfiorini/sddm/tree/feature/xorguser - does not build
• https://github.com/plfiorini/sddm/tree/feature/xorguser2019 - from the commit I guess I need to create /etc/sddm.conf with the following content

[General]
DisplayServer = x11-user

However, sddm does not start. According to strace, Xorg.wrap reports "Only console users are allowed to run the X server". Seems Xorg check if one of stdin/stdout/stderr is /dev/ttyX [1], while strace tells me that all 3 file descriptors are FIFOs when Xorg.wrap is invoked.

Environment: Arch Linux up-to-date

[1] https://gitlab.freedesktop.org/xorg/xserver/-/blob/xorg-server-1.20.8/hw/xfree86/xorg-wrapper.c#L171

[Kodehawa]

Any news on this?

[bionade24]

Any news on this?

Afaik even gdm needs to be root for certain tasks and then downgrades itself. So it's not really easy to accomplish.
No one wants to work on the X server anymore, focussing on wayland is more important. https://www.phoronix.com/scan.php?page=news_item&px=XServer-Abandonware<

SDDM seems to support this behaviour (from the README):

SDDM runs the greeter as a system user named "sddm" whose home directory needs to be set to /var/lib/sddm.

Maybe just you distro maintainer never tried this because it's more pain than gain, in the Arch IRC channels there are various poeple trying to rootless gdm work and fails for couple of reasonsons.

I guess this never will work perfectly because it' s using a piece of software made for big UNIX 36 years ago. Wayland support is more important, I hope.

[kugel-]

Whether SDDM/GDM itself runs as root or not is a separate issue. This issue is about rootless X which is a subordinary process.

[Kodehawa]

Any news on this?

Afaik even gdm needs to be root for certain tasks and then downgrades itself. So it's not really easy to accomplish.
No one wants to work on the X server anymore, focussing on wayland is more important. https://www.phoronix.com/scan.php?page=news_item&px=XServer-Abandonware<

SDDM seems to support this behaviour (from the README):

SDDM runs the greeter as a system user named "sddm" whose home directory needs to be set to /var/lib/sddm.

Maybe just you distro maintainer never tried this because it's more pain than gain, in the Arch IRC channels there are various poeple trying to rootless gdm work and fails for couple of reasonsons.

I guess this never will work perfectly because it' s using a piece of software made for big UNIX 36 years ago. Wayland support is more important, I hope.

Whether wayland is more important or not is not the focus on this. Rootless X has been available for years, and it's not about the greeter running as root or not, it's about X itself (Xorg) running as a normal user instead of root.