Star A Root-less X Server Nears Reality
Linked by Thom Holwerda on Thu 2nd Jul 2009 20:33 UTC, submitted by diegocg
X11, Window Managers "Due to now living in a KMS-enabled world, at least on the Intel and ATI side (the NVIDIA side is still slowly but surely coming via Nouveau), it's rather easy to get the X Server running without any special rights. Intel's Jesse Barnes explains on the X.Org mailing list that only a small patch is needed for the X Server and then a trivial one to the Direct Rendering Manager in the kernel."
E-mail Print r 4   10 Comment(s) http://osne.ws/gso
Order by: Score:
Add Comment Post a Comment

Finally!
by strim on Thu 2nd Jul 2009 22:07 UTC
strim
Member since:
2008-07-01

I remember running unprivileged Xmacppc server, about 4 years ago on NetBSD. It was unaccelerated, kinda slow, but served me well for about 8 months, on my main workstation.

Then I bought Mac Mini, only to discover that X11.app works without root too.

Reply Bookmark Score: 1

RE: Finally!
by daedliusswartz on Thu 2nd Jul 2009 22:11 UTC in reply to "Finally!"
daedliusswartz Member since:
2007-05-28

All administrative accounts should only ever be used for just that - administrative tasks.

Reply Bookmark Score: 1

Direct Renering Manager
by stestagg on Fri 3rd Jul 2009 08:46 UTC
stestagg
Member since:
2006-06-03

Zomg DRM in the Kernel. Linus is evil!

[/jk]

Edited 2009-07-03 08:47 UTC

Reply Bookmark Score: 1

RE: Direct Renering Manager
by Bagnaj97 on Fri 3rd Jul 2009 14:12 UTC in reply to "Direct Renering Manager"
Bagnaj97 Member since:
2007-01-24

Brought to you by the Rendering Infrastructure Association of Awfulness

Reply Bookmark Score: 2

The title is misleading
by fury on Fri 3rd Jul 2009 11:04 UTC
fury
Member since:
2005-09-23

When it comes to X servers, rootless is used to mean supporting X clients in a foreign environment (something supported fine in many Windows and Mac OS X servers). I believe the correct term is 'user mode X'

Reply Bookmark Score: 4

RE: The title is misleading
by fury on Fri 3rd Jul 2009 11:05 UTC in reply to "The title is misleading"
fury Member since:
2005-09-23

On second thought I don't think 'user mode X' would work either -- that would be opposed to an X server in the kernel? idk.

Reply Bookmark Score: 1

RE: The title is misleading
by WereCatf on Fri 3rd Jul 2009 11:14 UTC in reply to "The title is misleading"
WereCatf Member since:
2006-02-15

Try "non-privileged X" instead?

Reply Bookmark Score: 4

RE[2]: The title is misleading
by werfu on Fri 3rd Jul 2009 14:04 UTC in reply to "RE: The title is misleading"
werfu Member since:
2005-09-15

Indeed, it enable the X servers to run without the suid bit set. It's a great improvement for security and stability.

Reply Bookmark Score: 1

Xorg rocks
by Mark Williamson on Fri 3rd Jul 2009 16:38 UTC
Mark Williamson
Member since:
2005-07-06

I've heard lots of complaints about slipping release dates, features getting dropped from releases, etc. But I've got to say, the pace of change in X11 these days is highly impressive. I'm always looking forward to what's coming next ...

I was aware that e.g. OpenBSD was able to run X11 as non-root a while ago. Doubtless this new development is a more comprehensive solution but I do wonder how *BSD supported running X as a normal user process in the past ... set the mode and then permanently drop privileges, perhaps? Anybody know?

I should probably just go look it up but ... this is the lazyweb, right?

Reply Bookmark Score: 2

RE: Xorg rocks
by license_2_blather on Mon 6th Jul 2009 17:44 UTC in reply to "Xorg rocks"
license_2_blather Member since:
2006-02-05

OpenBSD did it by using privilege separation. Ihey have a modified X server which drops privileges after it does the things it needs to be root to do. It may also be split into a small, auditable privileged program which does rootish things on behalf of the larger, unprivileged X server (like they do with SSH and some other daemons).

To me, this seems preferable to moving modesetting code into the kernel, but there may be other non-security implications to that which pushed the Linux folks in that direction.

In the past, they also had a special driver (xf86) to allow access to certain ports and memory ranges on the video card as non-root. I don't know if they still use this, though. I haven't run X on an OpenBSD box in years.

Edited 2009-07-06 17:49 UTC

Reply Bookmark Score: 1

Add Comment Post a Comment