On 11/04/18 10:33, tu...@posteo.de wrote: > > > > > On 11/03 11:20, Daniel Frey wrote: >> On 11/03/18 07:01, Alan Mackenzie wrote: >>> Hello, Gentoo. >>> >>> HEADS UP!!! >>> >>> If you start your X server from the command line with, e.g. startx, you >>> now need to set the new(?) suid USE flag for the xorg-server package. >>> >>> This flag causes the binary to be installed with the setuid file flag, >>> which causes it to run as root. >>> >>> The developers, in this instance, failed to raise the ebuild's version >>> number from 1.20.3 when making this change, and also didn't notify users >>> by a NEWS item, that I can see. >>> >>> The matter was fairly intensively discussed in bug #669648 in Gentoo's >>> bugzilla. >>> >>> So - if you get a permissions error whilst trying to start X, setting >>> the suid USE flag may well be the solution. >>> >> >> I just got hit by this on my mythtv backend, which I only start X to >> configure the mythtv backend. >> >> Yes, enabling the suid USE-flag fixed it (or restored original behaviour?) >> >> Dan >> > > Hi, > > is this already known? > https://twitter.com/hackerfantastic/status/1055517801224396800 > > Is it safe to run X.org suid set? > > Cheers > Meino > > > >
Even if you run X as a non-root user it's possible to snoop on the keyboard/mouse input of a different user. So... pick your vulnerability. I stuck with the way it's been working for years and years. However, these systems do not have web access or anything like that, they're mythtv appliances. Dan
