Subject: Re: [gentoo-user] Permissions error on starting X.
To: gentoo-user@lists.gentoo.org
From: Daniel Frey
Date: Sun, 4 Nov 2018 12:02:02 -0800

On 11/04/18 10:33, tuxic@posteo.de wrote:
> On 11/03 11:20, Daniel Frey wrote:
>> On 11/03/18 07:01, Alan Mackenzie wrote:
>>> Hello, Gentoo.
>>>
>>> HEADS UP!!!
>>>
>>> If you start your X server from the command line with, e.g. startx, you
>>> now need to set the new(?) suid USE flag for the xorg-server package.
>>>
>>> This flag causes the binary to be installed with the setuid file flag,
>>> which causes it to run as root.
>>>
>>> The developers, in this instance, failed to raise the ebuild's version
>>> number from 1.20.3 when making this change, and also didn't notify users
>>> by a NEWS item, that I can see.
>>>
>>> The matter was fairly intensively discussed in bug #669648 in Gentoo's
>>> bugzilla.
>>>
>>> So - if you get a permissions error whilst trying to start X, setting
>>> the suid USE flag may well be the solution.
>>>
>>
>> I just got hit by this on my mythtv backend, which I only start X to
>> configure the mythtv backend.
>>
>> Yes, enabling the suid USE-flag fixed it (or restored original behaviour?)
>>
>> Dan
>>
>
> Hi,
>
> is this already known?
> https://twitter.com/hackerfantastic/status/1055517801224396800
>
> Is it safe to run X.org suid set?
>
> Cheers
> Meino
>

Even if you run X as a non-root user it's possible to snoop on the
keyboard/mouse input of a different user.

So... pick your vulnerability. I stuck with the way it's been working
for years and years. However, these systems do not have web access or
anything like that, they're mythtv appliances.

Dan