Slashdot Mirror
Moblin Will Run X Server As Logged-In User, Not Root
nerdyH writes "An architect of the Moblin Project has announced that Moblin 2.0 for netbooks and nettops is the first Linux distribution to run the X server as the logged-in user, rather than SUID'd to root. The fix to this decades-old security liability comes thanks to 'NRX' (No-root X) technology reportedly developed by Intel, Red Hat, and others in the X community, and the Moblin-sponsored 'Secure X' project. Besides making Linux netbooks a lot more snoop-proof, it seems like this could lead to an X-hosting renaissance of sorts, since you wouldn't be risking the whole system just to open up a specific user's account to remote X servers."
I'm not sure I grasp the concept of X Hosting, and how this non-SUID server would help that.
X is not required to be running on the remote system for X11 forwarding over SSH. Even running an Xvnc server doesn't require it to be SUID. This seems to be entirely a local security gain for users who will be interacting with local graphics hardware.
I don't know how they've done it, but I know this is a good thing.
They've done it by removing the responsibility of X talking directly to the graphics hardware by implementing Kernel Mode Switching for graphics drivers (among other much needed overhauls to the Linux graphics stack). Thus X can now access what it needs at the logged-in users' level and doesn't need root.
The article repeats the common misunderstanding: "in the backwards terminology of X"
What exactly is backwards about this? X is the server, and the apps are clients.
Think about it: The client initiates the conversation with the server. The client tells the server what to do.
How is this backwards?
Just got fixed by this. To be honest, I don't know how they've done it, but I know this is a good thing. This will make X and linux more secure and I can only applaud that.
I think what is basically boils down to, is that instead of X talking to the hardware directly it now talks to a file under /dev/ just like everything else.
> Can someone spare me reading the article and let me know if DRI is still possible without root?
Yup, this whole thing rests on the new kernel modesetting. That was the last thing that required root to be able to directly frob bits on the video card. DRI also goes into the kernel as it should. The kernel is supposed to own all of the hardware and expose safe APIs for user apps to access it. For historical reasons video has been the exception to that rule. No longer.
Democrat delenda est
The X server is the program on the local machine that displays the pixels.
The program you run on some other system via the net is the client, even if the thing it's running on is called a server.
The X server traditionally runs as root. You are likely unaware of this because it's started automatically as part of the init process.
The X server running as root is independent of whether the X client is running as root.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I just loaded it on my Eee PC and it turns the machine into a kiosk. Very unappealing for anyone who actually wants to use their netbook. Its very flashy and friendly if all you do is check your email and browse the web though.
Mr. Green
> Sounds like Windows NT 3.5, wonder if it will get moved back into kernel
> space for performance reasons just like NT4 moved video back into kernel space.
Not the same thing. The video hardware belongs in the kernel in exactly the same way as sound, mass storage and the keyboard/mouse do. *NIX and Windows are now alike in that and it is good.
What Windows did was bring most of the next layer up the chain into kernel space. This would be more like putting the whole X server and bits of GTK and/or Qt into the kernel, not just running it as root. Yes it improved performance some, but the security implications are horrific.
Democrat delenda est