From: Daniel Frey <djqfrey@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Permissions error on starting X.
Date: Sun, 4 Nov 2018 12:02:02 -0800 [thread overview]
Message-ID: <ae77536e-fe32-9f4b-2ae8-88962e9ac715@gmail.com> (raw)
In-Reply-To: <20181104183318.e7xqdqlkanvuscib@solfire>
On 11/04/18 10:33, tuxic@posteo.de wrote:
>
>
>
>
> On 11/03 11:20, Daniel Frey wrote:
>> On 11/03/18 07:01, Alan Mackenzie wrote:
>>> Hello, Gentoo.
>>>
>>> HEADS UP!!!
>>>
>>> If you start your X server from the command line with, e.g. startx, you
>>> now need to set the new(?) suid USE flag for the xorg-server package.
>>>
>>> This flag causes the binary to be installed with the setuid file flag,
>>> which causes it to run as root.
>>>
>>> The developers, in this instance, failed to raise the ebuild's version
>>> number from 1.20.3 when making this change, and also didn't notify users
>>> by a NEWS item, that I can see.
>>>
>>> The matter was fairly intensively discussed in bug #669648 in Gentoo's
>>> bugzilla.
>>>
>>> So - if you get a permissions error whilst trying to start X, setting
>>> the suid USE flag may well be the solution.
>>>
>>
>> I just got hit by this on my mythtv backend, which I only start X to
>> configure the mythtv backend.
>>
>> Yes, enabling the suid USE-flag fixed it (or restored original behaviour?)
>>
>> Dan
>>
>
> Hi,
>
> is this already known?
> https://twitter.com/hackerfantastic/status/1055517801224396800
>
> Is it safe to run X.org suid set?
>
> Cheers
> Meino
>
>
>
>
Even if you run X as a non-root user it's possible to snoop on the
keyboard/mouse input of a different user. So... pick your vulnerability.
I stuck with the way it's been working for years and years. However,
these systems do not have web access or anything like that, they're
mythtv appliances.
Dan
next prev parent reply other threads:[~2018-11-04 20:02 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-03 14:01 [gentoo-user] Permissions error on starting X Alan Mackenzie
2018-11-03 14:46 ` Rich Freeman
2018-11-03 23:17 ` Neil Bothwick
2018-11-04 18:39 ` Alarig Le Lay
2018-11-04 1:11 ` [gentoo-user] " Nikos Chantziaras
2018-11-04 10:22 ` Neil Bothwick
2018-11-04 16:04 ` Daniel Frey
2018-11-05 15:30 ` Grant Edwards
2018-11-05 16:27 ` Nikos Chantziaras
2018-11-05 16:35 ` Rich Freeman
2018-11-05 16:43 ` Nikos Chantziaras
2018-11-04 6:20 ` [gentoo-user] " Daniel Frey
2018-11-04 18:33 ` tuxic
2018-11-04 19:18 ` Neil Bothwick
2018-11-05 4:06 ` tuxic
2018-11-05 8:17 ` Neil Bothwick
2018-11-04 20:02 ` Daniel Frey [this message]
2018-11-05 15:29 ` [gentoo-user] " Grant Edwards
2018-11-07 3:59 ` [gentoo-user] " YUE Daian
2018-11-09 0:20 ` Hervé Guillemet
2018-11-09 8:49 ` gevisz
2018-11-09 9:19 ` YUE Daian
2018-11-09 10:24 ` Hervé Guillemet
2018-11-08 20:47 ` gevisz
2018-11-08 21:23 ` gevisz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae77536e-fe32-9f4b-2ae8-88962e9ac715@gmail.com \
--to=djqfrey@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox