Bug 6618 - X server will only start as root
Summary: X server will only start as root
Status: RESOLVED WONTFIX
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: git
Hardware: x86 (IA32) Linux (All)
: high major
Assignee: Xorg Project Team
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-16 15:11 UTC by Michael Vanier
Modified: 2006-04-17 03:53 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description Michael Vanier 2006-04-16 15:11:12 UTC
I compiled X from the CVS head successfully yesterday (4/14/2006) on an x86
computer (Dell Latitude 810 running Debian unstable).  This computer was already
successfully running X11R7.0 from the latest Debian package.  I installed the
new X in /usr/local/X so as not to overlap with the original X libraries,
adjusted my path and LD_LIBRARY_PATH accordingly, etc.

When I tried to run the new startx program, I got this:

xauth:  creating new authority file /home/mvanier/.serverauth.3804

X Window System Version 7.0.0
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.0
Build Operating System: Linux 2.6.12.6 i686 
Current Operating System: Linux tap 2.6.12.6 #4 Sat Sep 3 03:20:11 PDT 2005 i686
Build Date: 15 April 2006
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/usr/local/X/var/log/Xorg.0.log", Time: Sat Apr 15 22:01:56 2006
(==) Using config file: "/etc/X11/xorg.conf"

Fatal server error:
xf86OpenConsole: Cannot open /dev/tty0 (No such file or directory)


XIO:  fatal IO error 104 (Connection reset by peer) on X server ":0.0"
      after 0 requests (0 known processed) with 0 events remaining.

Of course /dev/tty0 is alive and well, but it is owned by root (the error
message is incorrect).  I noticed that the working X11R7 implementation changed
that to be owned by the user who ran startx, and it reverts back when X is
halted.  I also noticed that I could start the X server as root, and it runs
fine, except that all my programs are then run as root, which is not advisable. 
I tried manually altering the ownership of /dev/tty0, and then it fails at a
later stage:

xauth:  creating new authority file /home/mvanier/.serverauth.3739

X Window System Version 7.0.0
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.0
Build Operating System: Linux 2.6.12.6 i686 
Current Operating System: Linux tap 2.6.12.6 #4 Sat Sep 3 03:20:11 PDT 2005 i686
Build Date: 15 April 2006
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/usr/local/X/var/log/Xorg.0.log", Time: Sat Apr 15 22:01:08 2006
(==) Using config file: "/etc/X11/xorg.conf"

Fatal server error:
xf86OpenConsole: Cannot open virtual console 7 (Permission denied)


XIO:  fatal IO error 104 (Connection reset by peer) on X server ":0.0"
      after 0 requests (0 known processed) with 0 events remaining.

I am not sure if this is a bug or if I've misconfigured something, but I've
looked through bug reports and searched the internet and found nothing.  Any
help would be appreciated.
Comment 1 Daniel Stone 2006-04-16 19:51:32 UTC
that's right, it will only run as root.  you need to make the X server suid root
if you want to start it as a user.
Comment 2 Michael Vanier 2006-04-17 13:44:30 UTC
(In reply to comment #1)
> that's right, it will only run as root.  you need to make the X server suid root
> if you want to start it as a user.

That works.  Is it secure?  Also, the Debian-installed Xorg isn't SUID root and
it works.  Maybe it's called from another SUID program... I'll have to poke
around.  I guess I'm surprised that the sudo program I passed in to the build
script didn't automatically do this, if that's what's intended.
Comment 3 Daniel Stone 2006-04-17 18:48:03 UTC
well, we hope it's secure ... that's why we issue security advisories for bugs
in the server that can be exploited by clients.

in Debian, /usr/bin/Xorg isn't u+s, but /usr/bin/X is.  i believe you have to
pass in an option to xorg-server's configure script to make the result suid.
Comment 4 Michael Vanier 2006-04-17 20:53:04 UTC
(In reply to comment #3)
> well, we hope it's secure ... that's why we issue security advisories for bugs
> in the server that can be exploited by clients.
> 
> in Debian, /usr/bin/Xorg isn't u+s, but /usr/bin/X is.  i believe you have to
> pass in an option to xorg-server's configure script to make the result suid.

Thanks for the information.  As you suggest, /usr/bin/X on Debian is an SUID
wrapper program that calls the real X server.  It also has its own configuration
file, Xwrapper.config.  I appreciate your help.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.