On Tue, May 26, 2020 at 4:12 AM Haelwenn (lanodan) Monnier <cont...@hacktivis.me> wrote:
>
> [2020-05-25 23:41:23+0200] Piotr Karbowski:
> > There are 3 common ways the xorg-server is started:
> >
> > - via XDM of some sort, usually forked as root, does not require suid,
> > systemd or elogind.
>
> Launching X as root and having it be suid is quite the same thing…
>

Sort-of. An SUID X binary is a potential source of vulnerabilities even if you never run it, since it is still sitting there and ready to be exploited by somebody else. It also gives a user more control over how X is launched as root (command lines/control over stdin/out, etc). When X is launched as root by something the user doesn't control it reduces the attack surface somewhat. And if you never launch X11 at all it is just another unprivileged binary that can't do anything the user can't already do with system calls.

In any case, setting suid on any binary is something that should only be done if there is no other practical solution. It certainly seems like this shouldn't be the default, especially if it is available for users to toggle if they wish. We can always put out a news item when this changes.

If elogind is already enabled by default on a profile, then it doesn't make sense to ship X11 suid with that same profile when it isn't necessary. If a user wants to depart from the default config to not use elogind then they can just change the USE flag on xorg as well.

-- 
Rich