Bug 1206

Summary: X server should not run as root continuously.
Product: xorg Reporter: Stuart Kreitman <stuart.kreitman>
Component: Server/GeneralAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: high CC: casper.dik, dberkholz, mharris
Version: git   
Hardware: All   
OS: Solaris   
Whiteboard:
i915 platform: i915 features:

Description Stuart Kreitman 2004-08-27 09:04:14 UTC 
This severely impact the security of the Xorg server; any
bug in it will completely compromise the system.
Comment 1 Matthieu Herrb 2004-08-27 12:34:14 UTC 
I've implemented privilege separation in the X server for OpenBSD. I still 
plan to integrate this in the main stream one day or the other (at least in 
the current form, enabled for OpenBSD only). 
It needs a bit of work to be ported on Linux, but I think it's doable. 

Another option I've investigated in the past is running the X server under
systrace (http://www.citi.umich.edu/u/provos/systrace/), using its privilege
elevation mode. This helps identifying the operations that require privileges.

<ftp://ftp.laas.fr/pub/ii/matthieu/xf86-sec.pdf>
Comment 2 Adam Jackson 2005-06-28 14:03:15 UTC 
same issue as #2407 really.  privsep is a bit different.

*** This bug has been marked as a duplicate of 2407 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.