Feature changed by: Bernhard Wiedemann (bmwiedemann) Feature #310622, revision 3 Title: Run xserver without root privileges openSUSE-11.4: Unconfirmed Priority Requester: Desirable Requested by: Jose Ricardo De Leon Solis (derhundchen) Partner organization: openSUSE.org Description: Now that we have KMS enabled in the distribution we are a step closer of being able to run the xserver with just user privileges, and thus making openSUSE more secure. About a year ago I read a blog post of a moblin developer stating that achieving this is not that hard, but I've yet to see another distro achieving it. Nevertheless I think we can start to think about it. Business case (Partner benefit): openSUSE.org: It all boils down to increase the security of openSUSE, as stated below. + Discussion: + #1: Bernhard Wiedemann (bmwiedemann) (2010-10-02 21:32:27) + I am thinking about the big variety of graphics chips supported by a + modern X-server. e.g. I am currently writing this on VIA unichrome + graphics. But I have no idea how many of those do not have KMS yet / + would not work with a root-less xserver. + Once this question has a nice answer, moving towards a root-less + xserver is probably a good option. -- openSUSE Feature: https://features.opensuse.org/310622

Feature changed by: Jose Ricardo De Leon Solis (derhundchen) Feature #310622, revision 5 Title: Run xserver without root privileges openSUSE-11.4: Unconfirmed Priority Requester: Desirable Requested by: Jose Ricardo De Leon Solis (derhundchen) Partner organization: openSUSE.org Description: Now that we have KMS enabled in the distribution we are a step closer of being able to run the xserver with just user privileges, and thus making openSUSE more secure. About a year ago I read a blog post of a moblin developer stating that achieving this is not that hard, but I've yet to see another distro achieving it. Nevertheless I think we can start to think about it. Business case (Partner benefit): openSUSE.org: It all boils down to increase the security of openSUSE, as stated below. Discussion: #1: Bernhard Wiedemann (bmwiedemann) (2010-10-02 21:32:27) I am thinking about the big variety of graphics chips supported by a modern X-server. e.g. I am currently writing this on VIA unichrome graphics. But I have no idea how many of those do not have KMS yet / would not work with a root-less xserver. Once this question has a nice answer, moving towards a root-less xserver is probably a good option. #2: Tom Zöhner (zoehneto) (2010-10-02 22:37:27) (reply to #1) This is a very important point, because for example the proprietary NVIDIA driver doesn't support KMS. + #3: Jose Ricardo De Leon Solis (derhundchen) (2010-10-03 06:03:22) + (reply to #2) + And probably never will (unless of course nvidia driver goes open + source). Perhaps I should have added that we should provide a root-less + xserver when possible. -- openSUSE Feature: https://features.opensuse.org/310622

Feature changed by: Jose Ricardo De Leon Solis (derhundchen) Feature #310622, revision 7 Title: Run xserver without root privileges openSUSE-11.4: Unconfirmed Priority Requester: Desirable + openSUSE Distribution: Unconfirmed + Priority + Requester: Desirable Requested by: Jose Ricardo De Leon Solis (derhundchen) Partner organization: openSUSE.org Description: Now that we have KMS enabled in the distribution we are a step closer of being able to run the xserver with just user privileges, and thus making openSUSE more secure. About a year ago I read a blog post of a moblin developer stating that achieving this is not that hard, but I've yet to see another distro achieving it. Nevertheless I think we can start to think about it. Business case (Partner benefit): openSUSE.org: It all boils down to increase the security of openSUSE, as stated below. Discussion: #1: Bernhard Wiedemann (bmwiedemann) (2010-10-02 21:32:27) I am thinking about the big variety of graphics chips supported by a modern X-server. e.g. I am currently writing this on VIA unichrome graphics. But I have no idea how many of those do not have KMS yet / would not work with a root-less xserver. Once this question has a nice answer, moving towards a root-less xserver is probably a good option. #2: Tom Zöhner (zoehneto) (2010-10-02 22:37:27) (reply to #1) This is a very important point, because for example the proprietary NVIDIA driver doesn't support KMS. #3: Jose Ricardo De Leon Solis (derhundchen) (2010-10-03 06:03:22) (reply to #2) And probably never will (unless of course nvidia driver goes open source). Perhaps I should have added that we should provide a root-less xserver when possible. #4: Bernhard Wiedemann (bmwiedemann) (2010-10-03 09:50:48) (reply to #3) It is technically possible to start a process with root privileges and drop those as early as possible. e.g. apache does that after binding port80. So optimal solution would be that xserver starts as root, figures out if it can work root-less and if possible drops privileges. This Improves security while maintaining compatibility. It also allows drivers to be upgraded to root-less operation when they are ready. -- openSUSE Feature: https://features.opensuse.org/310622