On 9/23/19 10:00 AM, Michael Catanzaro wrote:
On Mon, Sep 23, 2019 at 9:50 am, Michael Catanzaro
<mcatanzaro(a)gnome.org> wrote:
> You're wasting your time. We're not going to run the X server as root
> just so you can overclock your GPU. Not a chance.
It isn't just to overclock my GPU, you're *BREAKING PEOPLE'S SOFTWARE,
EVEN IF THEY ARE FLATPAK*. The whole point of Flatpak for an end user is
cross-distro compatibility!
Anyway, while we won't do that Fedora... since you're clearly
interested in customizing your system, you can do so for yourself.
What you want to do is build gdm using the configure flag
--disable-user-display-server. You can host your special gdm in a copr
if you want to make it easier for other Nvidia overclockers to use it.
This is entirely unnecessary. You can enable root X. Org via the config
option. A random user's COPR repo isn't a whole lot safer.
See
https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights for
why this was changed (over five years ago!). The changes were made
upstream, so there is nothing Fedora-specific here. If you use GNOME
on most other distros, you should see the same behavior.
Five years ago and yet no other DE besides Gnome supports it. Five years
and many distros that even use Gnome don't even have it enabled by
default. Five years and Fedora has done nothing to make other DEs
support it despite the fact that Fedora is the only one that actually
wants the change to begin with.
Lets *actually read* that link, shall we?
The user experience will be unchanged
This is a blatant lie. Breaking people's software absolutely impacts the
user experience.
Desktop product: gdm, Ray Strode is working on this: ?
KDE spin: ?
XFCE spin: ?
LXDE spin: ?
Look at that broad DE support. It's *almost* like no one cares or wants
this, even after 5 years! There are still open bug reports on multiple
distros/DEs that haven't been worked on or updated in years.
Having the xserver not run as root reduces Fedora's attack
surface.
...which few other Linux distro cares about and is seemingly just a
boogeyman used to fearmonger since no one can pin point actual malicious
software that takes advantage of it to begin with.
If you're so afraid of the X. Org as root boogeyman then oh boy, allow
me to turn it up a notch by telling you just *some* of the things
possible with basic *user* account permissions. You can:
-reboot/shutdown
-silently lockup the system by spawning too many threads
-hard lock the system by passing allowed but unsupported values
-fill up memory, resulting in HDD thrashing and potentially killing your SSD
-create other processes(pop up windows)
-kill other processes
-upload all your files in your home directory to a personal private server
-delete all your files in your home directory
-encrypt all your files in your home directory.
...among a whole lot else I'm probably forgetting.
Point is, at some point you need to let the security crap go. No one
else cares besides Fedora and Gnome.
The only distro I know of that uses --disable-user-display-server is
Endless.
Michael
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org