Moblin Will Run X Server As Logged-In User, Not Root 205
nerdyH writes "An architect of the Moblin Project has announced that Moblin 2.0 for netbooks and nettops is the first Linux distribution to run the X server as the logged-in user, rather than SUID'd to root. The fix to this decades-old security liability comes thanks to 'NRX' (No-root X) technology reportedly developed by Intel, Red Hat, and others in the X community, and the Moblin-sponsored 'Secure X' project. Besides making Linux netbooks a lot more snoop-proof, it seems like this could lead to an X-hosting renaissance of sorts, since you wouldn't be risking the whole system just to open up a specific user's account to remote X servers."
Re:IMHO (Score:4, Interesting)
Er, the same way USB was for years? Actually, DRI, too. The driver exposes a pseudo-device in /dev/, which actually is a socket-like, high-throughput mmap wrapper and the X server opens it. Given appropriate file permissions and group membership, this can be done from a user account.
Re:Graphics drivers (Score:4, Interesting)
Yes, it's interesting that KGI was rejected 10 years ago, but now we have KMS. What has changed?
Is this right ? (Score:5, Interesting)
I am not sure that this is the right solution. Not running it as root is good, but running it as me - I don't know. I'd rather that the user that runneth the X server is some sort of 'xserver' user - to whose process I connect. That 'xserver' user then has the right to push my screen into VGA mode and all that. Also, this doesn't fix all those other services (that gnome has, for example) that allow my X programs to mount stuff etc. Which is, again, a security risk by itself.
Re:IMHO (Score:3, Interesting)
Re:One of the shortcommings in security (Score:4, Interesting)
Re:Two questions: (Score:1, Interesting)
1. Does this mean you can't login at a graphical interface? I.e. will you have to login at a terminal and then wait for X server to come up?
No. There should be a login X server (running as root or nobody or whatever) to display GDM, then during login this server will exit and launch a new server under your uid. Or something like that.
So how do secure logins work? How am I sure whether a graphical login screen is genuine or a spoofed page put up by another user?
Windows requires secure login keys [wikipedia.org] (Control-Alt-Delete) that only the kernel can intercept before showing a login prompt.
SunOS and Solaris have always operated this way. (Score:2, Interesting)
I was a video driver developer for Sun for many years. The window system *always* ran as the logged-in user. When I started developing for Linux, I was appalled when I realized that Linux ran the windows server as root.
Here's how we did it at Sun: For every supported video card, there is a device driver. The driver provides basic services such as cursor and color-table management (there are advantages to doing this in the kernel), and additionally allows the user logged in at the console to map in the device registers. This means that the window system doesn't need any special privileges to run.
There are other advantages to having a device driver manage user-level hardware mapping. Not the least of which is that it allowed us to implement full-bore context switching at the device level. The advantages of this are enormous.