[opensuse-factory] s bit on xorg
Hi,

upgraded to Tumbleweed from 13.2 today. No problems, except this one: lightdm didn't start my xfce anymore. First I thought it's a problem in lightdm, then I realized that the s bit was missing from /usr/bin/Xorg. After setting it, all works as expected.

Just wanted to let you know.

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tuesday 26 of May 2015 21:19:26 blue hut wrote:
AFAICS our package doesn't set SUID on /usr/bin/Xorg for quite some time, perhaps even longer than it's called "Xorg". Most users don't need it and those who do can always set it.

Michal Kubeček
On 2015-05-26 21:19, blue hut wrote:
That bit has been intentionally unset since 11.X or thereabouts.

In /etc/permissions.local you have seen this note for years:

    # setuid bit on Xorg is only needed if no display manager, ie startx
    # is used. Beware of CVE-2010-2240.
    #
    #/usr/bin/Xorg root:root 4711

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
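As an added example (not part of the thread and not openSUSE's own tooling), the script below compares the modes listed in a permissions.local-style file with the modes on disk and reports setuid drift. The function names are hypothetical, the entry format is the one in the line Carlos quotes, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not openSUSE's chkstat: compare the modes listed in a
# permissions.local-style file with what is on disk, flagging setuid drift.
# Entry format as quoted in the thread: <path> <owner>:<group> <octal mode>

# has_setuid MODE: succeeds when the octal MODE has the setuid bit (04000).
has_setuid() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# classify WANTED ACTUAL: print one verdict word for a pair of octal modes.
classify() {
    if [ $(( 0$1 )) -eq $(( 0$2 )) ]; then echo ok
    elif has_setuid "$1" && ! has_setuid "$2"; then echo setuid-missing
    elif ! has_setuid "$1" && has_setuid "$2"; then echo setuid-unexpected
    else echo mode-differs
    fi
}

# audit_file FILE: print "<path> wanted=<m> actual=<m> <verdict>" per entry.
# Commented-out entries (like the Xorg line in the thread) are skipped, so
# they state no expectation. Ownership is not checked here.
audit_file() {
    while read -r path owner mode rest; do
        case $path in ''|'#'*) continue ;; esac
        case $mode in ''|*[!0-7]*) echo "$path malformed-entry"; continue ;; esac
        if [ ! -e "$path" ]; then echo "$path missing"; continue; fi
        actual=$(stat -c %a "$path")    # GNU coreutils stat, octal mode
        echo "$path wanted=$mode actual=$actual $(classify "$mode" "$actual")"
    done < "$1"
}

# Run against a real file only when one is named on the command line.
if [ $# -gt 0 ]; then audit_file "$1"; fi
```

A `setuid-unexpected` verdict on /usr/bin/Xorg is the state the first post ends up in after setting the bit by hand while the entry stays commented out or absent.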
On 05/27/2015 12:16 PM, Carlos E. R. wrote:
Alright. But I still don't get why I had to set it to get lightdm to start xfce. Like I said, I was on 13.2 and switched to Tumbleweed yesterday. After rebooting the display manager couldn't start any DE anymore. After setting the bit, it worked.
On Wed, 27 May 2015 12:20, blue hut wrote:
A shot in the dark, but as which user is lightdm running?

Running as "root", no suid bit is needed, the rights are sufficient; running as e.g. user "lightdm", the rights remaining may not be sufficient to start the xserver for the user that wants to log in.

Background: A program can be started as root, and then drop any rights and capabilities it does not need and change userid to a less privileged user. See e.g. "apache2" on how that is done right.

Either lightdm is started directly as a less privileged user, then it will never have the needed rights, and suid on Xorg is the way to go without changing systemd-service-files. (drop-in snippets ftw)

Or, lightdm is started as root and drops too many privileges, then it is a bug that has to be addressed, and suid on Xorg is just the crutch until it's fixed.

What exactly happened in your case, I can not say.

- Yamaban.
On 2015-05-27 12:43, Yamaban wrote:
On my 13.1, as root.

    USER  PID  %CPU %MEM VSZ    RSS    TTY  STAT START TIME  COMMAND
    ...
    root  4499 0.0  0.0  267496 1544   ?    SLl  May15 0:00  /usr/sbin/lightdm
    root  4503 0.2  2.2  389776 186564 tty7 Ss+  May15 43:48 \_ /usr/bin/X :0 -auth /run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
    root  4565 0.0  0.0  164364 1392   ?    Sl   May15 0:00  \_ lightdm --session-child 12 19
    cer   4582 0.0  0.0  10780  356    ?    Ss   May15 0:00  \_ /usr/bin/ck-launch-session /usr/bin/dbus-launch --sh-syntax --close-stderr --exit-with-session /home/cer/.xinitrc

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
* Yamaban <foerster@lisas.de> [2015-05-27 12:43]:
LightDM itself (the daemon) runs as root and starts X as root; the greeter runs as the unprivileged "lightdm" user. Suid XOrg should not matter; look at /var/log/Xorg.0.log and the logs in /var/log/lightdm/ for hints as to why X, LightDM or the Xfce session do not start.

--
Guido Berhoerster
participants (5): blue hut, Carlos E. R., Guido Berhoerster, Michal Kubecek, Yamaban