Slashdot Mirror


Moblin Will Run X Server As Logged-In User, Not Root

nerdyH writes "An architect of the Moblin Project has announced that Moblin 2.0 for netbooks and nettops is the first Linux distribution to run the X server as the logged-in user, rather than SUID'd to root. The fix to this decades-old security liability comes thanks to 'NRX' (No-root X) technology reportedly developed by Intel, Red Hat, and others in the X community, and the Moblin-sponsored 'Secure X' project. Besides making Linux netbooks a lot more snoop-proof, it seems like this could lead to an X-hosting renaissance of sorts, since you wouldn't be risking the whole system just to open up a specific user's account to remote X servers."


  1. Re:IMHO by Enleth · Score: 3, Interesting

    Er, the same way USB was for years? Actually, DRI, too. The driver exposes a pseudo-device in /dev/, which actually is a socket-like, high-throughput mmap wrapper and the X server opens it. Given appropriate file permissions and group membership, this can be done from a user account.

    --
    This is Slashdot. Common sense is futile. You will be modded down.
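
The permission model described in the comment above, as an added example that is not part of the original thread or of any Moblin/X.org code: it reports whether an X server binary is setuid root and which DRI character devices the current user could open read-write. The `/usr/bin/Xorg` path and the `/dev/dri` directory are assumptions, and only classic mode bits are evaluated (no ACLs, capabilities or LSM policy).

```python
import os
import stat
from pathlib import Path


def unix_rw_allowed(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix check: only the first matching class (owner, group, other) applies."""
    if uid == 0:
        return True  # root bypasses mode bits (ignoring capabilities/LSMs)
    if uid == owner_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif owner_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return mode & need == need


def is_setuid_root(mode, owner_uid):
    """True when an executable would run with root's effective uid."""
    return owner_uid == 0 and bool(mode & stat.S_ISUID) and bool(mode & 0o111)


def audit(xserver_path, dri_dir="/dev/dri"):
    """Report the setuid state of the X server binary and which DRI nodes the caller can open."""
    report = {"setuid_root": None, "nodes": {}}
    try:
        st = os.stat(xserver_path)
        report["setuid_root"] = is_setuid_root(st.st_mode, st.st_uid)
    except OSError:
        pass  # binary not present at the assumed path
    uid, gids = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    d = Path(dri_dir)
    for node in sorted(d.iterdir()) if d.is_dir() else []:
        st = node.stat()
        if stat.S_ISCHR(st.st_mode):
            report["nodes"][str(node)] = unix_rw_allowed(
                st.st_mode, st.st_uid, st.st_gid, uid, gids)
    return report


if __name__ == "__main__":
    # /usr/bin/Xorg is an assumed path; distributions install the server in different places.
    print(audit("/usr/bin/Xorg"))
```

A `setuid_root` value of `False` together with at least one accessible node is the state the comment describes: the server can reach the graphics device through file permissions and group membership alone.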
  2. Re:Graphics drivers by Wesley Felter · Score: 3, Interesting

    Yes, it's interesting that KGI was rejected 10 years ago, but now we have KMS. What has changed?

  3. Is this right? by bytesex · Score: 4, Interesting

    I am not sure that this is the right solution. Not running it as root is good, but running it as me - I don't know. I'd rather that the user that runneth the X server is some sort of 'xserver' user - to whose process I connect. That 'xserver' user then has the right to push my screen into VGA mode and all that. Also, this doesn't fix all those other services (that gnome has, for example) that allow my X programs to mount stuff etc. Which is, again, a security risk by itself.

    --
    Religion is what happens when nature strikes and groupthink goes wrong.
  4. Re:One of the shortcomings in security by TheRaven64 · Score: 3, Interesting

    Not exactly. There is an average of one bug per 1,000 lines of new code. X.org has been in constant development since 1984. A lot of those 2,000 will have already been fixed. Note that X.org is part of the OpenBSD base system and so undergoes the same kind of rigorous code review. X.org, XFree86, and then X.org is probably the most reviewed and tested piece of software in widespread use.

    --
    I am TheRaven on Soylent News