On 9/22/19 3:08 AM, Leigh Scott wrote:
> On Sat, Sep 21, 2019 at 8:33 PM Ty Young
<youngty1997(a)gmail.com> wrote:
> Fedora and other distributions have been working on rootless Xorg
> since 2013. We've had it in place since at least 2015. This change was
> made way back in Fedora 24.
>
Do you mean 'Support non-root X'? if so some DM's still don't support
it.
https://github.com/canonical/lightdm/issues/18
...and it's Open Source. Ironic.
Anyway, I did a google search and apparently running X. Org as user
isn't exactly safe either. According to the Gentoo wik[1] a user could
snoop on another user's input. It doesn't go into specifics on how these
are a big deal, but if they are what's even the point of running non
root? Just breaking into the entire system vs. a user?
Not a security expert but if you have user permissions you can do
anything a user could normally do including rebooting, shuttting down,
uploading files to some private server, logging inputs, etc. The user
account is the lowest hanging fruit there is from my understanding.
[1]
https://wiki.gentoo.org/wiki/Non_root_Xorg#Security_concerns
> This is Nvidia's fault. It was hidden from you because sometimes the
> packaging for the proprietary Nvidia driver has forced non-rootless
> Xorg. I guess that's no longer the case, oh well. Talk to the packager
> for the Nvidia driver, or better yet, talk to Nvidia to get them to
> support rootless Xorg properly.
As far as I know we don't force non-rootless X.
I haven't smoked any shrooms yet today(/joke), so it isn't my
imagination By default X. Org runs as user but if you follow the Arch
wiki you can force it to run as root.
Again, this was never an issue during the mid beta but towards the end
of the beta or shortly after release something changed.
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org