Linked by Thom Holwerda on Thu 2nd Jul 2009 20:33 UTC, submitted by diegocg
X11, Window Managers "Due to now living in a KMS-enabled world, at least on the Intel and ATI side (the NVIDIA side is still slowly but surely coming via Nouveau), it's rather easy to get the X Server running without any special rights. Intel's Jesse Barnes explains on the X.Org mailing list that only a small patch is needed for the X Server and then a trivial one to the Direct Rendering Manager in the kernel."
Permalink for comment 371913
To read all comments associated with this story, please click here.
RE: Xorg rocks
by license_2_blather on Mon 6th Jul 2009 17:44 UTC in reply to "Xorg rocks"
license_2_blather
Member since:
2006-02-05

OpenBSD did it by using privilege separation. Ihey have a modified X server which drops privileges after it does the things it needs to be root to do. It may also be split into a small, auditable privileged program which does rootish things on behalf of the larger, unprivileged X server (like they do with SSH and some other daemons).

To me, this seems preferable to moving modesetting code into the kernel, but there may be other non-security implications to that which pushed the Linux folks in that direction.

In the past, they also had a special driver (xf86) to allow access to certain ports and memory ranges on the video card as non-root. I don't know if they still use this, though. I haven't run X on an OpenBSD box in years.

Edited 2009-07-06 17:49 UTC

Reply Parent Score: 1