James Carlson wrote:
> Alan Coopersmith writes:
>> That's a bug that was just reported to me in private e-mail while I was out on
>> vacation last week. We need to fix Xorg to setuid back to root before opening
>> hotplugged devices.
>
> So ... with that bug fixed, does the need for this special ioctl
> remain? Doesn't closing the descriptor and reopening it when needed
> fix the problem?

Now that I've had a chance to look at it and not just read the e-mail, I'm
trying to determine if that is the correct fix or if the bug is in the kernel
side. The devices are owned by the uid Xorg is running as, due to
logindevperms, but it seems additional privileges are being required by the
kernel drivers (PRIV_SYS_DEVICES) - if it's correct for them to require that,
then I'll work on fixing Xorg to seteuid(0) there.

(Xorg has not been made privilege aware so far since the two states it has
needed in the past are "all privileges" during server/device initialization,
and the basic set provided by seteuid to a non-root user during most of
runtime, so there was no benefit in adding privilege awareness to the code.)

I was not involved in the decision to create this ioctl, so I can't answer
their motivations or why the project team decided creating an ioctl was better
than adding an additional spot for Xorg to return to uid 0.

--
-Alan Coopersmith-           alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering