Re: [gentoo-user] Permissions error on starting X.
On 11/04 07:18, Neil Bothwick wrote: > On Sun, 4 Nov 2018 19:33:18 +0100, tu...@posteo.de wrote: > > > Is it safe to run X.org suid set? > > Why take a chance when it is unnecessary? > > > -- > Neil Bothwick > > I am ready to meet my Maker. Whether my Maker is prepared for the great > ordeal of meeting me is another matter. - Sir Winston Churchill > (1874-1965) ...not answering my question, sorry. Meino
Re: [gentoo-user] Permissions error on starting X.
On 11/04/18 10:33, tu...@posteo.de wrote: > > > > > On 11/03 11:20, Daniel Frey wrote: >> On 11/03/18 07:01, Alan Mackenzie wrote: >>> Hello, Gentoo. >>> >>> HEADS UP!!! >>> >>> If you start your X server from the command line with, e.g. startx, you >>> now need to set the new(?) suid USE flag for the xorg-server package. >>> >>> This flag causes the binary to be installed with the setuid file flag, >>> which causes it to run as root. >>> >>> The developers, in this instance, failed to raise the ebuild's version >>> number from 1.20.3 when making this change, and also didn't notify users >>> by a NEWS item, that I can see. >>> >>> The matter was fairly intensively discussed in bug #669648 in Gentoo's >>> bugzilla. >>> >>> So - if you get a permissions error whilst trying to start X, setting >>> the suid USE flag may well be the solution. >>> >> >> I just got hit by this on my mythtv backend, which I only start X to >> configure the mythtv backend. >> >> Yes, enabling the suid USE-flag fixed it (or restored original behaviour?) >> >> Dan >> > > Hi, > > is this already known? > https://twitter.com/hackerfantastic/status/1055517801224396800 > > Is it safe to run X.org suid set? > > Cheers > Meino > > > > Even if you run X as a non-root user it's possible to snoop on the keyboard/mouse input of a different user. So... pick your vulnerability. I stuck with the way it's been working for years and years. However, these systems do not have web access or anything like that, they're mythtv appliances. Dan
Re: [gentoo-user] Permissions error on starting X.
On Sun, 4 Nov 2018 19:33:18 +0100, tu...@posteo.de wrote: > Is it safe to run X.org suid set? Why take a chance when it is unnecessary? -- Neil Bothwick I am ready to meet my Maker. Whether my Maker is prepared for the great ordeal of meeting me is another matter. - Sir Winston Churchill (1874-1965) pgpsxPPfd0M14.pgp Description: OpenPGP digital signature
Re: [gentoo-user] Permissions error on starting X.
Hi, On sam. 3 nov. 23:17:24 2018, Neil Bothwick wrote: > On Sat, 3 Nov 2018 14:01:51 +, Alan Mackenzie wrote: > > > So - if you get a permissions error whilst trying to start X, setting > > the suid USE flag may well be the solution. > > Alternatively, create /etc/X11/X11/Xwrapper.config containing: > > allowed_users = anybody > needs_root_rights = yes I run the Xorg without root rights since years on my laptop, I followed https://wiki.gentoo.org/wiki/Non_root_Xorg and it works. -- Alarig
Re: [gentoo-user] Permissions error on starting X.
On 11/03 11:20, Daniel Frey wrote: > On 11/03/18 07:01, Alan Mackenzie wrote: > > Hello, Gentoo. > > > > HEADS UP!!! > > > > If you start your X server from the command line with, e.g. startx, you > > now need to set the new(?) suid USE flag for the xorg-server package. > > > > This flag causes the binary to be installed with the setuid file flag, > > which causes it to run as root. > > > > The developers, in this instance, failed to raise the ebuild's version > > number from 1.20.3 when making this change, and also didn't notify users > > by a NEWS item, that I can see. > > > > The matter was fairly intensively discussed in bug #669648 in Gentoo's > > bugzilla. > > > > So - if you get a permissions error whilst trying to start X, setting > > the suid USE flag may well be the solution. > > > > I just got hit by this on my mythtv backend, which I only start X to > configure the mythtv backend. > > Yes, enabling the suid USE-flag fixed it (or restored original behaviour?) > > Dan > Hi, is this already known? https://twitter.com/hackerfantastic/status/1055517801224396800 Is it safe to run X.org suid set? Cheers Meino
[gentoo-user] Python forced upgrade
Hi all, I had an older machine "appliance" (mythtv-frontend) that hadn't had an update in a while (migrated to 29.1 yesterday/today.) I searched around on the mailing list as portage advised updating itself but it got itself in a circular dependency with python and wanted to install an unstable version of portage as a result, which I didn't want. After wasting 30 minutes waiting for portage to calculate dependencies (using --backtrack=1000) I got po'ed and forced python to install using --nodeps. This worked, I was able to install portage and continue updating my system from there. The problem is there's no more python-updater to make sure that python is in a sane state. Any suggestions for making sure python is actually in a sane state? Dan
Re: [gentoo-user] Re: Permissions error on starting X.
On 11/04/18 02:22, Neil Bothwick wrote: > On Sun, 4 Nov 2018 03:11:45 +0200, Nikos Chantziaras wrote: > >>> The developers, in this instance, failed to raise the ebuild's version >>> number from 1.20.3 when making this change, and also didn't notify >>> users by a NEWS item, that I can see. >> >> Emerge will catch this, no need for revbump. Unless you're not using -D >> (--deep) when updating world. Which you should. > > It didn't on my MythTV frontend, which runs X as the mythtv user, as > xorg-server builds with -suid by default. > > It didn't on my MythTV frontend either, I had to manually add "suid" to package.use for it to start working again. Dan
Re: [gentoo-user] Re: Permissions error on starting X.
On Sun, 4 Nov 2018 03:11:45 +0200, Nikos Chantziaras wrote: > > The developers, in this instance, failed to raise the ebuild's version > > number from 1.20.3 when making this change, and also didn't notify > > users by a NEWS item, that I can see. > > Emerge will catch this, no need for revbump. Unless you're not using -D > (--deep) when updating world. Which you should. It didn't on my MythTV frontend, which runs X as the mythtv user, as xorg-server builds with -suid by default. -- Neil Bothwick Every time I jump on the bandwagon all its wheels fall off. pgpiRtcYXhYGN.pgp Description: OpenPGP digital signature
Re: [gentoo-user] What's with KDE?
On Saturday, 3 November 2018 22:44:32 GMT Dale wrote: > Peter Humphrey wrote: > > On Saturday, 3 November 2018 16:28:58 GMT wabe wrote: > >> I would like to try Trinity Desktop (based on KDE3) but unfortunately > >> there is no Gentoo package. I don't know if there is an Gentoo overlay > >> containing Trinity, but I never used overlays and don't have time to > >> fiddle around anyway. > > > > In that case, from what I've seen I'd say you shouldn't even wonder about > > trinity. You'd have to go back a long way with all manner of programs, and > > even then perhaps not get everything you want. > > > > /2p > > I installed KDE3 for a friend with a very low powered computer several > years ago. At the time, it was in the sunset overlay. Even then it was > a headache and took some effort to install. Some newer programs outside > of KDE wanted newer versions of libs and KDE3 wanted older ones. I had > to install older versions of several programs just to make KDE3 happy. > Given the changes that have been made over the years since, I doubt it > is doable. I seem to recall that KDE3 wasn't well maintained back then > and figure it may even be worse now if it is maintained at all with > regards to Gentoo. > > If had to do a install today for a low powered system, I'd find > something besides KDE3 even tho I still miss some things about it too. > There's plenty of more maintained desktops out there to look at. > > Dale > > :-) :-) I also liked KDE-3 more than anything which succeeded it from the KDE stable and have mourned its passing. I also particularly liked Konqueror's integration with file management. The current Konqueror maintainer is trying single-handedly to keep it running as a simple browser and does not have the (human) resources to recreate the FM functionality of KDE 3 on it. He has asked for devs to join him, but had no takers. I've tried Trinity in the past, but at the time it was nowhere near developed enough to use on a daily basis. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
