On Wed, Jan 08, 2014 at 01:14:08PM -0800, Andrew Lutomirski wrote: > /usr/bin/Xorg is, and has been, setuid-root just about forever. I'm > wondering whether there's any good reason for it to remain > setuid-root. [...] > - Xorg is a giant attack surface. Without setuid-root, only users > sitting in front of the keyboard can try to attack it.
Like, for example: http://lists.x.org/archives/xorg-announce/2014-January/002389.html https://bugzilla.redhat.com/show_bug.cgi?id=1049569 Perhaps this is what got you thinking about this? > Thoughts? If people are generally in favor, I'll submit a change > proposal. Despite the fact that the change would be a one-liner, it > seems like a systemwide change. > (On a related note: what's the F21 change proposal submission > deadline? I can't find it anywhere.) No deadline yet -- go for it. You might also want to check into http://fedoraproject.org/wiki/Features/RemoveSETUID, which was a partially-successful effort to use capabilities instead of setuid across the system. (See for example /usr/bin/ping.) However, that was about reducing from full setuid to what is effectively partial setuid (and see the discussion; it's only really meaningful in some cases). Removing the setuid bit entirely is new, as far as I know. -- Matthew Miller -- Fedora Project -- <mat...@fedoraproject.org> -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
