Quoting Alan Coopersmith, who wrote the following on Fri, 15 Jan 2010:
> Jan Setje-Eilers wrote:
>> We do know what it does. Re-design is perhaps a stronger term than was
>> appropriate here. Enrico was collapsing what were originally two daemons
>> into one yesterday. He was primarily offering that he'd be happy to make
>> additional changes if you had some smart ideas about how to deal with
>> xsvc without running as root.
>
> At least from our experience with Xorg, you will need full privileges
> (uid 0) for both /dev/xsvc and the sysi86 call to change the IOPL.
> You may be able to drop some privileges after you've done that (Xorg
> can't since it has to be able to unwind and redo those calls again
> later).

The only way to fully drop privileges would be to identify the set of ports that will be accessed and add kernel interfaces to add those ports to the IO port bitmap in the process' TSS (it's even more complex for 64-bit processes). The system-level complexity is MUCH lower if the process executes with full privileges.

--S
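An added illustration, not part of the original message and not Solaris or Xorg code: a small C model of the x86 check behind the trade-off discussed above, where raising IOPL opens every I/O port while a per-task TSS bitmap opens only the ports that were listed. The struct, the function names and the port numbers are hypothetical, constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPORTS 65536u   /* size of the x86 I/O port space */

/* Hypothetical model of the per-task state the CPU consults on IN/OUT. */
struct task_io {
    unsigned cpl;               /* current privilege level (3 = user mode) */
    unsigned iopl;              /* IOPL field of the flags register */
    uint8_t  iopb[NPORTS / 8];  /* TSS I/O bitmap: bit set = access denied */
};

/* Unprivileged default: user mode, IOPL 0, every port denied. */
static void task_io_init(struct task_io *t) {
    t->cpl = 3;
    t->iopl = 0;
    memset(t->iopb, 0xFF, sizeof t->iopb);
}

/* Hypothetical kernel interface: clear the deny bits for one port range. */
static void iopb_grant(struct task_io *t, unsigned first, unsigned count) {
    for (unsigned p = first; p < first + count && p < NPORTS; p++)
        t->iopb[p / 8] &= (uint8_t)~(1u << (p % 8));
}

/* The hardware check: CPL <= IOPL allows everything; otherwise every
 * byte of the access must have its bitmap bit clear. */
static bool io_allowed(const struct task_io *t, unsigned port, unsigned width) {
    if (t->cpl <= t->iopl)
        return true;
    for (unsigned p = port; p < port + width; p++)
        if (p >= NPORTS || (t->iopb[p / 8] & (1u << (p % 8))))
            return false;
    return true;
}

int main(void) {
    static struct task_io t;
    task_io_init(&t);
    iopb_grant(&t, 0x3f8, 8);   /* constructed sample range */
    printf("bitmap: 0x3f8=%d 0x70=%d\n", io_allowed(&t, 0x3f8, 1), io_allowed(&t, 0x70, 1));
    t.iopl = 3;                 /* what raising IOPL does instead */
    printf("IOPL 3: 0x3f8=%d 0x70=%d\n", io_allowed(&t, 0x3f8, 1), io_allowed(&t, 0x70, 1));
    return 0;
}
```

With the bitmap, a multi-byte access that straddles the end of a granted range is refused, which is why the exact set of ports has to be known in advance.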