From: John Covici
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] xorg-server without suid still runs as root?
Date: Thu, 25 Jun 2020 10:20:24 -0400
Organization: Covici Computer Systems

On Thu, 25 Jun 2020 08:58:30 -0400,
Nikos Chantziaras wrote:
>
> There's a news item about disabling the "suid" use flag on
> x11-base/xorg-server, which makes it run as a normal user rather
> than root. Version 1.20.8-r1 of the ebuild disables "suid" by
> default. After updating to that and rebooting, X still runs as
> root though:
>
>   $ ps aux | grep X
>   root 270 1.7 0.6 226892 107052 tty1 Ssl+ 13:52 2:08 /usr/bin/X
>
>   $ emerge --info xorg-server
>   [...]
>   x11-base/xorg-server-1.20.8-r1::gentoo was built with the following:
>   USE="ipv6 libglvnd systemd udev xorg -debug -dmx -doc (-elogind)
>   -kdrive -libressl -minimal (-selinux) -static-libs -suid -unwind
>   -wayland -xcsecurity -xephyr -xnest -xvfb" ABI_X86="(64)"
>
> Am I missing something? I'm using systemd. If it matters, the
> "kms" use flag in x11-drivers/nvidia-drivers is enabled.

If I do ls -l /proc/ both of them are not root, 1 as gdm and the other as me
which got created after I logged in. Try doing that and see what you
see.

-- 
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici wb2una
covici@ccs.covici.com
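
The ownership check discussed in this message, written as a script that reads each X server's effective UID from /proc; this is an added example and not part of the original message. It assumes the server's process name is `X` or `Xorg`; the function names and the optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: report which user each running X server runs as.
# Assumption: the server's process name (comm) is "X" or "Xorg".
# Usage: x_server_uids            # inspects the live /proc
#        root_x_servers           # prints only servers running as root

# x_server_uids [PROC_ROOT]
# Prints one line per X server: "<pid> <comm> <effective-uid>".
x_server_uids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/comm" ] && [ -r "$dir/status" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        case $comm in
            X|Xorg) ;;
            *) continue ;;
        esac
        # The Uid: line lists real, effective, saved and filesystem UIDs.
        euid=$(awk '$1 == "Uid:" { print $3; exit }' "$dir/status" 2>/dev/null) || continue
        [ -n "$euid" ] || continue   # process exited while it was being read
        printf '%s %s %s\n' "${dir##*/}" "$comm" "$euid"
    done
}

# root_x_servers [PROC_ROOT]
# Prints the servers whose effective UID is 0; returns 0 only if any exist.
root_x_servers() {
    out=$(x_server_uids "$1" | awk '$3 == 0')
    [ -n "$out" ] && printf '%s\n' "$out"
}
```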