On 9/23/19 10:00 AM, Michael Catanzaro wrote:
On Mon, Sep 23, 2019 at 9:50 am, Michael Catanzaro <mcatanzaro@gnome.org> wrote:
You're wasting your time. We're not going to run the X server as root just so you can overclock your GPU. Not a chance.


It isn't just to overclock my GPU, you're *BREAKING PEOPLE'S SOFTWARE, EVEN IF THEY ARE FLATPAK*. The whole point of Flatpak for an end user is cross-distro compatibility!


Anyway, while we won't do that in Fedora... since you're clearly interested in customizing your system, you can do so for yourself. What you want to do is build gdm using the configure flag --disable-user-display-server. You can host your special gdm in a copr if you want to make it easier for other Nvidia overclockers to use it.


This is entirely unnecessary. You can enable root X.Org via the config option. A random user's COPR repo isn't a whole lot safer.



See https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights for why this was changed (over five years ago!). The changes were made upstream, so there is nothing Fedora-specific here. If you use GNOME on most other distros, you should see the same behavior.


Five years ago and yet no other DE besides Gnome supports it. Five years and many distros that even use Gnome don't even have it enabled by default. Five years and Fedora has done nothing to make other DEs support it despite the fact that Fedora is the only one that actually wants the change to begin with.


Let's *actually read* that link, shall we?


>The user experience will be unchanged


This is a blatant lie. Breaking people's software absolutely impacts the user experience.


>Desktop product: gdm, Ray Strode is working on this: ?

>KDE spin: ?

>XFCE spin: ?

>LXDE spin: ?


Look at that broad DE support. It's *almost* like no one cares or wants this, even after 5 years! There are still open bug reports on multiple distros/DEs that haven't been worked on or updated in years.


>Having the xserver not run as root reduces Fedora's attack surface.


...which few other Linux distros care about and is seemingly just a boogeyman used to fearmonger since no one can pinpoint actual malicious software that takes advantage of it to begin with.


If you're so afraid of the X.Org as root boogeyman then oh boy, allow me to turn it up a notch by telling you just *some* of the things possible with basic *user* account permissions. You can:


- reboot/shutdown
- silently lock up the system by spawning too many threads
- hard lock the system by passing allowed but unsupported values
- fill up memory, resulting in HDD thrashing and potentially killing your SSD
- create other processes (pop-up windows)
- kill other processes
- upload all your files in your home directory to a personal private server
- delete all your files in your home directory
- encrypt all your files in your home directory.


...among a whole lot else I'm probably forgetting.


Point is, at some point you need to let the security crap go. No one else cares besides Fedora and Gnome.



The only distro I know of that uses --disable-user-display-server is Endless.

Michael

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org