Linked by Thom Holwerda on Thu 2nd Jul 2009 20:33 UTC, submitted by diegocg
X11, Window Managers "Due to now living in a KMS-enabled world, at least on the Intel and ATI side (the NVIDIA side is still slowly but surely coming via Nouveau), it's rather easy to get the X Server running without any special rights. Intel's Jesse Barnes explains on the X.Org mailing list that only a small patch is needed for the X Server and then a trivial one to the Direct Rendering Manager in the kernel."
Thread beginning with comment 371913
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Xorg rocks
by license_2_blather on Mon 6th Jul 2009 17:44 UTC in reply to "Xorg rocks"
license_2_blather
Member since:
2006-02-05

OpenBSD did it by using privilege separation. Ihey have a modified X server which drops privileges after it does the things it needs to be root to do. It may also be split into a small, auditable privileged program which does rootish things on behalf of the larger, unprivileged X server (like they do with SSH and some other daemons).

To me, this seems preferable to moving modesetting code into the kernel, but there may be other non-security implications to that which pushed the Linux folks in that direction.

In the past, they also had a special driver (xf86) to allow access to certain ports and memory ranges on the video card as non-root. I don't know if they still use this, though. I haven't run X on an OpenBSD box in years.

Edited 2009-07-06 17:49 UTC

Reply Parent Score: 1