New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix rootless xorg support #246
Comments
Ignore my messages, they actually fixed that in the archlinux xorg package, and they were unrelated to rootless xorg. |
Ok. |
👍 for rootless Xorg support (most Arch users would probably agree after the last Xorg update). |
@plfiorini Was there any progress on this? |
Debian testing allows running x without root, see https://www.phoronix.com/scan.php?page=news_item&px=Debian-Non-Root-X |
oh yup #492 |
With major distributions supporting running x without root (fedora, arch, debian -> ubuntu) I consider it a security risk to run something as root when it does not have to. Related discussion in case of lightdm: https://bugs.launchpad.net/lightdm/+bug/1292324 |
PRs welcome. |
Let's try to do this for 0.14, we have ~2 months to do so. |
Is anyone working on this? |
Not currently |
I'd just like to chime in with my support for this feature. For me, SDDM is completely unusable without this, as running Xorg as root is entirely unacceptable for me due to the security implications. I hope this gets implemented quickly. GDM has been able to do this for quite some time, and I believe it goes a step further by not just running Xorg with lower privileges, but also running most of its own code with lower privileges under a custom "gdm" user. Thanks for your work. |
I'm also still waiting for rootless X with sddm. |
It's extremely disappointing that this is still open, please don't release 0.16 without it. |
PRs welcome but this isnt exactly a blocking issue for minor releases. |
Thank you for maintaining SDDM :-) Would it be possible to solve this by July 2018? |
This isn't just theoretically a security risk... X can overwrite the passwords file by tricky use of log file location... I don't think it is worth it to have X running as root when this exploit is well known. This should be bumped way up the priority list. |
Afair last two vulnerabilities were prevented by rootless xorg, SDDM puts users at unnecessary risk. |
Posting "me too" comments will not make it happen. On the contrary, it wastes developer time. If you really need it, consider contracting someone who does the work. As said several times, PRs welcome! |
|
How is the progress at the moment? What has to be done? |
Once you start X as user and want to get logind integration for it, you will need to pass it See-Also: https://bugs.gentoo.org/603294 |
Any updates? I tried the following two branches and neither works :/
However, sddm does not start. According to strace, Xorg.wrap reports "Only console users are allowed to run the X server". Seems Xorg check if one of stdin/stdout/stderr is Environment: Arch Linux up-to-date [1] https://gitlab.freedesktop.org/xorg/xserver/-/blob/xorg-server-1.20.8/hw/xfree86/xorg-wrapper.c#L171 |
Any news on this? |
Afaik even gdm needs to be root for certain tasks and then downgrades itself. So it's not really easy to accomplish. SDDM seems to support this behaviour (from the README):
Maybe just you distro maintainer never tried this because it's more pain than gain, in the Arch IRC channels there are various poeple trying to rootless gdm work and fails for couple of reasonsons. I guess this never will work perfectly because it' s using a piece of software made for big UNIX 36 years ago. Wayland support is more important, I hope. |
Whether SDDM/GDM itself runs as root or not is a separate issue. This issue is about rootless X which is a subordinary process. |
Whether wayland is more important or not is not the focus on this. Rootless X has been available for years, and it's not about the greeter running as root or not, it's about X itself (Xorg) running as a normal user instead of root. |
We want to support Xorg user session and keep running it as root as an option, so we don't break the workflow of some users. As a matter of fact, when we run the X11 server as sddm user, we also start the display start and stop scripts as user. Scripts that need root privileges won't work. To support both modes, we move the code to sddm-x11-helper and either run it as root or sddm user using sddm-helper. Closes: sddm#246
Introduce an alternative display server option to run the greeter with the X11 server as an unprivileged user. Root privileges are required by default, but this will change in the future. Greeter output is forwarded to the helper process, instead of saving it into a separate file like user sessions do. This means the greeter output is available in the journal with the daemon and helper logs. Display start and stop commands are executed as sddm user and this might break the workflow of our users. That is the reason why we still run Xorg as root for the greeter by default. X11 user session always spawn a new display server without root privileges. Closes: #246
Introduce an alternative display server option to run the greeter with the X11 server as an unprivileged user. Root privileges are required by default, but this will change in the future. Greeter output is forwarded to the helper process, instead of saving it into a separate file like user sessions do. This means the greeter output is available in the journal with the daemon and helper logs. Display start and stop commands are executed as sddm user and this might break the workflow of our users. That is the reason why we still run Xorg as root for the greeter by default. X11 user session always spawn a new display server without root privileges. Closes: sddm#246
Introduce an alternative display server option to run the greeter with the X11 server as an unprivileged user. Root privileges are required by default, but this will change in the future. Greeter output is forwarded to the helper process, instead of saving it into a separate file like user sessions do. This means the greeter output is available in the journal with the daemon and helper logs. Display start and stop commands are executed as sddm user and this might break the workflow of our users. That is the reason why we still run Xorg as root for the greeter by default. X11 user session always spawn a new display server without root privileges. Closes: sddm#246
The text was updated successfully, but these errors were encountered: