[2020-05-25 23:41:23+0200] Piotr Karbowski: > There are 3 common ways the xorg-server is started: > > - via XDM of some sort, usually forked as root, does not require suid, > systemd or elogind.
Launching X as root and having it be suid is quite the same thing… > - via better XDM that can into logind interface, started as regular user > thanks to logind interface provided by either systemd or elogind. > - via `startx`, if systemd or elogind are present, can work without > suid, without them, suid is required. btw I tried startx without suid a while ago, you can start it with your user in the right groups (input, video), which means that now every program that you run can snoop input devices and mess with your video outputs. And X couldn't properly manage DRM master control because you could set the DRM master but not drop it (kernel bug but "linux maintains bugs" and there is no capabilities to fix it, which could allow to avoid extra groups). I don't have something like elogind and likely will not as last time I looked at how it worked, it felt like reading about an unstable backdoor more than anything else. I'd rather have proper permissions in the kernel. > Flipping current '+suid (-)elogind' as *default* USE flags on ebuild > level into '+elogind (-)suid' will not affect first two use cases, and > affect only 3rd one if neither systemd is used, or elogind is enabled. > > What I'd like to go with is to enable elogind and disable suid on ebuild > level. The systemd profiles have use.mask for elogind, meaning it's not > a problem for them. and those who do not want to use any logind provider > can still opt-out out of it and go back to use suid. It shouldn't really > affect most of the users in any negative way, if anything, it will make > more users to not run Xorg as root, which is a positive aspect. > > The alternative way would be to enable elogind on default profile, > however it would also affect those who run headless Gentoo, of which a > lot refuse to use any login manager. > > So, dear people of Gentoo, what do you think about turning the current > possible opt-out of Xorg as root into possible opt-in for running Xorg > as root? People still will have a choice, just the defaults will be more > sane. I think you could have `xorg-server -suid` in the desktop profile, as you have elogingd there but on the ebuild level I'm not so sure. I'm not particularly against it but then should definitely come with a warning and it'll require users to notice the change and warning so they don't end up with a broken gentoo after an update.
