Path: utzoo!mnetor!uunet!husc6!mailrus!ames!pasteur!ucbvax!ZERMATT.LCS.MIT.EDU!RWS
From: RWS@ZERMATT.LCS.MIT.EDU (Robert Scheifler)
Newsgroups: comp.windows.x
Subject: Re: X server needs to be setuid root?
Message-ID: <880419080018.9.RWS@KILLINGTON.LCS.MIT.EDU>
Date: 19 Apr 88 12:00:00 GMT
References: <8804190246.AA01950@lbl-helios>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 27


    Date: Mon, 18 Apr 88 19:46:49 PDT
    From: Jef Poskanzer <jef%lbl-helios@lbl-rtsg.arpa>

    Yes, with a stock server, you must run both the server and xinit setuid
    to root.

The wonderful thing about Unix environments is that no two are ever
alike.  I don't think I've ever had to run either of these setuid on any
Sun on campus.

    Anyway, what you can do is add a single "setuid( getuid( ) );" to the
    server just before it calls dispatch().

The problem with this is that it works fine under xinit, where the
server isn't expected to loop, but it may fail for servers run from
init, where reinitialization takes place.  Also, who is to say the ddx
code won't later need setuid privilege to get access to something, like
perhaps a restricted ioctl?  Remember, you are changing dix code here;
you can't blindly change things because they happen to work for a
particular ddx.

    With this hack, xinit does not need to be root and there is no problem
    killing the server

Except of course when the server hangs initing devices or sockets or
extensions, which is where it often hangs on me ...