Slashdot Mirror

← Back to Stories (view on slashdot.org)

Moblin Will Run X Server As Logged-In User, Not Root

Posted by timothy on from the such-a-little-thing-makes-such-a-big-difference dept.

nerdyH writes "An architect of the Moblin Project has announced that Moblin 2.0 for netbooks and nettops is the first Linux distribution to run the X server as the logged-in user, rather than SUID'd to root. The fix to this decades-old security liability comes thanks to 'NRX' (No-root X) technology reportedly developed by Intel, Red Hat, and others in the X community, and the Moblin-sponsored 'Secure X' project. Besides making Linux netbooks a lot more snoop-proof, it seems like this could lead to an X-hosting renaissance of sorts, since you wouldn't be risking the whole system just to open up a specific user's account to remote X servers."

4 of 205 comments (clear)

  1. Re:One of the shortcommings in security by Freetardo+Jones · · Score: 5, Informative

    I don't know how they've done it, but I know this is a good thing.

    They've done it by removing the responsibility of X talking directly to the graphics hardware by implementing Kernel Mode Switching for graphics drivers (among other much needed overhauls to the Linux graphics stack). Thus X can now access what it needs at the logged-in users' level and doesn't need root.

  2. Poor understanding of X by Anonymous Coward · · Score: 5, Informative

    The article repeats the common misunderstanding: "in the backwards terminology of X"

    What exactly is backwards about this? X is the server, and the apps are clients.

    Think about it: The client initiates the conversation with the server. The client tells the server what to do.

    How is this backwards?

  3. Re:IMHO by jmorris42 · · Score: 5, Informative

    > Can someone spare me reading the article and let me know if DRI is still possible without root?

    Yup, this whole thing rests on the new kernel modesetting. That was the last thing that required root to be able to directly frob bits on the video card. DRI also goes into the kernel as it should. The kernel is supposed to own all of the hardware and expose safe APIs for user apps to access it. For historical reasons video has been the exception to that rule. No longer.

    --
    Democrat delenda est
  4. Have you used Moblin? by SlickSlacker · · Score: 5, Informative

    I just loaded it on my Eee PC and it turns the machine into a kiosk. Very unappealing for anyone who actually wants to use their netbook. Its very flashy and friendly if all you do is check your email and browse the web though.

    --
    Mr. Green