Linked by Thom Holwerda on Thu 2nd Jul 2009 20:33 UTC, submitted by diegocg
"Due to now living in a KMS-enabled world, at least on the Intel and ATI side (the NVIDIA side is still slowly but surely coming via Nouveau), it's rather easy to get the X Server running without any special rights. Intel's Jesse Barnes explains on the X.Org mailing list that only a small patch is needed for the X Server and then a trivial one to the Direct Rendering Manager in the kernel."
Thread beginning with comment 371913
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2006-02-05
OpenBSD did it by using privilege separation. Ihey have a modified X server which drops privileges after it does the things it needs to be root to do. It may also be split into a small, auditable privileged program which does rootish things on behalf of the larger, unprivileged X server (like they do with SSH and some other daemons).
To me, this seems preferable to moving modesetting code into the kernel, but there may be other non-security implications to that which pushed the Linux folks in that direction.
In the past, they also had a special driver (xf86) to allow access to certain ports and memory ranges on the video card as non-root. I don't know if they still use this, though. I haven't run X on an OpenBSD box in years.
Edited 2009-07-06 17:49 UTC