Bug 91071

Summary: XWayland security settings prohibits applications running as root from connecting by default
Product: Wayland Reporter: nerdopolis1
Component: XWaylandAssignee: Wayland bug list <wayland-bugs>
Status: RESOLVED NOTABUG QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium CC: leho
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description nerdopolis1 2015-06-23 11:38:21 UTC
Hi.

It seems the security changes in XWayland prevents applications running as root from connecting. The users will have to run xhost +LOCAL: in order to run a graphical application as root

There are a few graphical applications that run as root (Some applications I can think of is ubiquity (The Ubuntu installer) and synaptic), 

These applications, even ones that are built against a toolkit that supports Wayland, connect to X because most *sudo applications strip out $WAYLAND_DISPLAY by default (along with all other variables). 

Is there a way to whitelist root by default, if it makes sense to do so? It makes sense to keep the other users out though...


Most Wayland servers I think currently allow applications running as root to connect. (including Weston)
Comment 1 Alan Coopersmith 2015-06-23 15:03:54 UTC
xhost +si:localuser:root
Comment 2 nerdopolis1 2015-06-23 15:54:04 UTC
...I did post the wrong xhost command... I guess gksudo & kdesudo will need to be updated to do this...?
Comment 3 Daniel Stone 2015-06-23 16:29:14 UTC
Or, whoever spawns the session (e.g. Weston) would have to generate their own X authority data, add that manually to the server, and then set $XAUTHORITY for clients.
Comment 4 Daniel Stone 2018-06-04 07:21:46 UTC
Marking as NOTABUG, since the 'localuser' change works for all kinds of X sessions (Xwayland as well as native) and is better by being more explicitly targeted.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.