Path: utzoo!mnetor!uunet!husc6!mailrus!ames!pasteur!ucbvax!LBL-RTSG.ARPA!jef%lbl-helios
From: jef%lbl-helios@LBL-RTSG.ARPA (Jef Poskanzer)
Newsgroups: comp.windows.x
Subject: Re: X server needs to be setuid root?
Message-ID: <8804190246.AA01950@lbl-helios>
Date: 19 Apr 88 02:46:49 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: Paratheo-Anametamystikhood Of Eris Esoteric, Ada Lovelace Cabal
Lines: 25

Bob Weissman writes:
>The server (Xsun) seems to run properly only when setuid root.
>We don't mind this so much, but it's a problem when you want to
>kill the server by having the distinguished first application exit.
>It can't kill a server running as root.
>It's simple enough to write a setuid server-killer, but I figure
>there must be a better solution.  Can anyone help?

Yes, with a stock server, you must run both the server and xinit setuid
to root.  This is not really acceptable, especially since xinit's security
hole re-appeared in this version.  (I sent in a bug report about this
within days of the X.V11R2 release, but have yet to see a patch appear.
Unless I'm being dense this is a REALLY SERIOUS BUG.  Get with it guys.)

Anyway, what you can do is add a single "setuid( getuid( ) );" to the
server just before it calls dispatch().  Then you install it setuid to root
as before, but as soon as it's finished initializing it un-setuids itself.
With this hack, xinit does not need to be root and there is no problem
killing the server and NO security hole.
---
Jef

              Jef Poskanzer   jef@lbl-rtsg.arpa   ...well!pokey
              "Sendmail may be safely run set-user-id to root."
                -- Eric Allman, "Sendmail Installation Guide"