Path: utzoo!mnetor!uunet!husc6!bloom-beacon!mit-eddie!ll-xn!ames!pasteur!ucbvax!SUN.COM!dshr
From: dshr@SUN.COM (David Rosenthal)
Newsgroups: comp.windows.x
Subject: Re: X server needs to be setuid root?
Message-ID: <8804191520.AA06110@devnull.sun.com>
Date: 19 Apr 88 13:15:43 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14

The only reason ever advanced to my knowledge for running the X server
SUID root is that /dev/fb (or /dev/bwtwo0, etc.) is read-write only for
root.

/dev/fb (etc.) should be mode 666. The latest /dev/MAKEDEV sets it this
way. The only thing a spoofer can do with access to /dev/fb is to mung
bits on the screen, and the spoofer can do that with X anyway.

It is much less of a security risk to have /dev/fb 666 than to have SUID
root programs lying around. I strongly recommend people NOT to run the
X server nor xinit as root.

David.
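
Added example, not part of the original post: a shell audit of the state the post recommends, reporting whether the X server or xinit binary is setuid root and whether the framebuffer node is world read-write. The function names and the calling convention (binaries, then "--", then device nodes) are assumptions of this sketch; the binary paths must be supplied for the system being checked.

```shell
#!/bin/sh
# Added audit sketch (not from the original post).
# Usage: audit /path/to/Xserver /path/to/xinit -- /dev/fb /dev/bwtwo0
# The binary paths are placeholders; the device names are those in the post.

# has_setuid FILE: true if the set-user-ID bit is set.
has_setuid() { [ -u "$1" ]; }

# owner_uid FILE: print the numeric uid of the file's owner.
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }

# world_rw FILE: true if "other" has both read and write (e.g. mode 666).
world_rw() { [ -n "$(find "$1" -prune -perm -006 2>/dev/null)" ]; }

# check_binary FILE: classify a program such as the X server or xinit.
check_binary() {
    if [ ! -e "$1" ]; then echo "MISSING $1"
    elif has_setuid "$1" && [ "$(owner_uid "$1")" = 0 ]; then echo "SUID-ROOT $1"
    elif has_setuid "$1"; then echo "SUID-OTHER $1"
    else echo "OK $1"
    fi
}

# check_device FILE: classify a framebuffer node such as /dev/fb.
check_device() {
    if [ ! -e "$1" ]; then echo "MISSING $1"
    elif world_rw "$1"; then echo "WORLD-RW $1"
    else echo "RESTRICTED $1"
    fi
}

# audit BIN... -- DEV...: print one line per path. Returns 1 if any binary
# is setuid root, the configuration the post recommends against.
audit() {
    rc=0; kind=binary
    for p in "$@"; do
        if [ "$p" = "--" ]; then kind=device; continue; fi
        if [ "$kind" = binary ]; then
            line=$(check_binary "$p"); echo "$line"
            case $line in SUID-ROOT*) rc=1 ;; esac
        else
            check_device "$p"
        fi
    done
    return $rc
}
```

A RESTRICTED device line next to a SUID-ROOT binary line is the combination the post describes: the server was made setuid root only because the device node is not mode 666.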