Bug 91071

Summary:	XWayland security settings prohibits applications running as root from connecting by default
Product:	Wayland	Reporter:	nerdopolis1
Component:	XWayland	Assignee:	Wayland bug list <wayland-bugs>
Status:	RESOLVED NOTABUG	QA Contact:	Xorg Project Team <xorg-team>
Severity:	normal
Priority:	medium	CC:	leho
Version:	unspecified
Hardware:	Other
OS:	All
Whiteboard:
i915 platform:		i915 features:

Description nerdopolis1 2015-06-23 11:38:21 UTC

Hi.

It seems the security changes in XWayland prevents applications running as root from connecting. The users will have to run xhost +LOCAL: in order to run a graphical application as root

There are a few graphical applications that run as root (Some applications I can think of is ubiquity (The Ubuntu installer) and synaptic), 

These applications, even ones that are built against a toolkit that supports Wayland, connect to X because most *sudo applications strip out $WAYLAND_DISPLAY by default (along with all other variables). 

Is there a way to whitelist root by default, if it makes sense to do so? It makes sense to keep the other users out though...


Most Wayland servers I think currently allow applications running as root to connect. (including Weston)

Comment 1 Alan Coopersmith 2015-06-23 15:03:54 UTC

xhost +si:localuser:root

Comment 2 nerdopolis1 2015-06-23 15:54:04 UTC

...I did post the wrong xhost command... I guess gksudo & kdesudo will need to be updated to do this...?

Comment 3 Daniel Stone 2015-06-23 16:29:14 UTC

Or, whoever spawns the session (e.g. Weston) would have to generate their own X authority data, add that manually to the server, and then set $XAUTHORITY for clients.

Comment 4 Daniel Stone 2018-06-04 07:21:46 UTC

Marking as NOTABUG, since the 'localuser' change works for all kinds of X sessions (Xwayland as well as native) and is better by being more explicitly targeted.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.