Slashdot Mirror
Moblin Will Run X Server As Logged-In User, Not Root
nerdyH writes "An architect of the Moblin Project has announced that Moblin 2.0 for netbooks and nettops is the first Linux distribution to run the X server as the logged-in user, rather than SUID'd to root. The fix to this decades-old security liability comes thanks to 'NRX' (No-root X) technology reportedly developed by Intel, Red Hat, and others in the X community, and the Moblin-sponsored 'Secure X' project. Besides making Linux netbooks a lot more snoop-proof, it seems like this could lead to an X-hosting renaissance of sorts, since you wouldn't be risking the whole system just to open up a specific user's account to remote X servers."
Linux's SUID X server problem has been kind of a "dirty little secret" for many years. Most modern distributions include a few crude workarounds, such as dimming the display and then freezing X whenever the user is asked to type in a root password. Getting rid of the SUID bit altogether ought to make netbooks powered by Moblin technology much more difficult to snoop on over the network.
This does not make sense. Graphical sudo wrappers have nothing to do with X being suid, and neither does anything to do with network traffic.
It seems likely that with NRX technology, you could run X apps over a network with much less risk to the app server (the system that runs the "X client" component, in the backwards terminology of X).
This is actually backwards, the only place there's less risk is for the system that the X server is running on.
It doesn't?
If graphics drivers were implemented in the kernel instead of the X server, this problem wouldn't have existed in the first place.
1. Does this mean you can't login at a graphical interface? I.e. will you have to login at a terminal and then wait for X server to come up?
No. There should be a login X server (running as root or nobody or whatever) to display GDM, then during login this server will exit and launch a new server under your uid. Or something like that.
2. If multiple users login, will each user get their own instance of X server? This seems like overkill...
I think fast user switching already works that way. We don't consider it overkill that each user gets their own instance of Firefox; why is X any different?
Its very flashy and friendly if all you do is check your email and browse the web though.
Almost like that was the entire point of the distro in the first place!
No, it doesn't. It runs most everything as the "Administrator" user, which is a lot like a root account, but without even the level of security that logging into Linux/Unix as root provides ;-)
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
The problem is that we use the words "client" and "server" to refer both to the programs and to the machines they run on. Usually server machines run server programs, but not always (and consider true P2P stuff where programs are both clients and servers). Maybe we need to throw out all the words and replace them with alternatives like "listener" and "caller" for the programs and... "big machine" and "little machine" for the computers? :-)
Besides, X, although designed explicitly from the beginning to host remote applications, sucks at it. It is unusable on a link with any significant latency, and cannot migrate a client to a new server. VNC and Remote Desktop, though seemingly less elegant solutions, work much better, mainly because they are synchronized more loosely.