Hans de Goede e7b84ca469 Xorg: Add a suid root wrapper
With the recent systemd-logind changes it is possible to install the Xorg
binary without suid root rights and still have everything working as it
should *if* the user only has cards which are supported by kms.

This commit adds a little suid root wrapper, which is a bit weird, first we
strip the suid-root bit of the Xorg binary, and then we add a wrapper ?

The function of this wrapper is to see if a system still needs root-rights,
if it does not (it supports kms and the kms drivers are properly loaded),
then it will immediately drop all elevated rights before executing the real
Xorg binary. If it finds (some) cards which don't support kms, or no cards
at all, then it will execute the Xorg server with elevated rights so that
ie the nvidia binary driver and the vesa driver can keep working normally.

To make it possible for security conscious users who don't need the root
rights to completely remove the wrapper, Xorg is started in a 3 step process
when the wrapper is enabled during build time:

1) A simple shell script which checks if the wrapper is there, if it is
  it executes the wrapper, if not it directly executes the real Xorg binary

2) The wrapper gets executed, does its checks, normally drops all elevated
  rights and then executes the real Xorg binary

3) The real Xorg binary does its thing

This allows distributions to put the wrapper binary in a separate package, and
will allow users to remove this package. IE the plan with Fedora is to make
"legacy" drivers depend on the wrapper pkg, and since our default install
contains some legacy drivers it will be part of the default install, but
users can later yum remove it (which will also automatically remove the
legacy driver packages as those won't work without it anyways).

The wrapper is loosely modelled after the existing Debian Xwrapper, it
uses the same config-file + config-file format, and also allows restricting
Xserver execution (through the wrapper) to console users only.

There also is a new needs_root_rights config file directive, which can
be used to override the auto-detection the wrapper does.

Hopefully this will allow Debian to replace their own wrapper with this
upstream one.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2014-03-12 08:50:05 +01:00
composite composite: Remove duplicate window pixmap fetch 2014-01-22 19:56:32 -08:00
config Merge remote-tracking branch 'whot/for-keith' 2014-03-11 22:04:36 -07:00
damageext Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
dbe Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
dix xkb: push locked modifier state down to attached slave devices 2014-03-11 17:43:34 +10:00
doc doc: Update documentation about Windows platforms support a bit 2012-10-29 12:21:14 +00:00
dri3 Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
exa exa: Fix -Wshadow warnings 2014-01-22 19:56:32 -08:00
fb Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
glamor glamor: Use buffer_storage 2014-03-10 13:57:21 -07:00
glx glx: Clear new FBConfig attributes to 0 by default. 2014-03-10 13:57:21 -07:00
hw Xorg: Add a suid root wrapper 2014-03-12 08:50:05 +01:00
include Xorg: Add a suid root wrapper 2014-03-12 08:50:05 +01:00
m4 xorg-tls: fix warning, replace AC_TRY_COMPILE with AC_COMPILE_IFELSE 2014-01-22 11:18:42 -08:00
man Correct description of -displayfd option in man page. 2012-10-11 12:53:57 +01:00
mi mi: fix printf warning about size_t format specifier 2014-02-10 07:02:34 +10:00
miext Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
os gcc 4.2.1 doesn't support #pragma GCC diagnostic ignored 2014-02-24 16:30:07 -08:00
present Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
pseudoramiX pseudoramiX: Add _X_ATTRIBUTE_PRINTF attributes to debug functions. 2014-01-27 11:38:34 -08:00
randr V2: Add check for link from output to crtc before optimizing out a CrtcSet call 2014-02-24 16:33:35 -08:00
record Clean up a few function prototypes to not place formals in /**/ 2014-01-12 10:24:12 -08:00
render Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
test hashtabletest: Fix warning: format ‘%ld’ expects argument of type ... 2014-03-10 09:06:57 +01:00
Xext sync: Avoid ridiculously long timeouts 2014-02-09 10:41:18 +01:00
xfixes Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
Xi Xi: check for invalid modifiers for XI2 passive grabs 2014-02-21 10:01:13 +10:00
xkb xkb: push locked modifier state down to attached slave devices 2014-03-11 17:43:34 +10:00
.dir-locals.el Add .dir-locals.el 2013-08-17 12:17:36 +02:00
.gitignore doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00
autogen.sh autogen.sh: Honor NOCONFIGURE=1 2012-10-19 13:12:33 +10:00
configure.ac Xorg: Add a suid root wrapper 2014-03-12 08:50:05 +01:00
COPYING Shadow: Switch the Amiga/Atari bitplane code to the canonical X.Org license 2013-05-14 14:41:00 -07:00
devbook.am devbook.am: maintenance update from docbook.am 2011-09-21 14:07:52 -07:00
docbook.am docbook.am: embed css styles inside the HTML HEAD element 2011-09-21 14:07:49 -07:00
fix-miregion Change region implementation names to eliminate the 'mi' prefix 2010-06-05 17:47:32 -07:00
fix-miregion-private Change region implementation names to eliminate the 'mi' prefix 2010-06-05 17:47:32 -07:00
fix-patch-whitespace Rename region macros to eliminate screen argument 2010-06-05 18:59:00 -07:00
fix-region Rename region macros to eliminate screen argument 2010-06-05 18:59:00 -07:00
Makefile.am DIST_SUBDIRS needs to include glamor, even if it isn't built 2014-02-13 15:25:56 -08:00
manpages.am Xorg: Add a suid root wrapper 2014-03-12 08:50:05 +01:00
README packaging: provide a default README file #24206 2010-01-27 14:00:17 -08:00
xorg-server.m4 macros: clarify documentation 2012-11-05 13:24:57 -06:00
xorg-server.pc.in xfree86: link modules against Xorg symbols on Cygwin 2012-04-05 21:57:07 -05:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

					X Server

The X server accepts requests from client applications to create windows,
which are (normally rectangular) "virtual screens" that the client program
can draw into.

Windows are then composed on the actual screen by the X server
(or by a separate composite manager) as directed by the window manager,
which usually communicates with the user via graphical controls such as buttons
and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the
following article:
http://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the
Xorg mailing list:

        http://lists.freedesktop.org/mailman/listinfo/xorg

Please submit bug reports to the Xorg bugzilla:

        https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

The master development code repository can be found at:

        git://anongit.freedesktop.org/git/xorg/xserver

        http://cgit.freedesktop.org/xorg/xserver

For patch submission instructions, see:

	http://www.x.org/wiki/Development/Documentation/SubmittingPatches

For more information on the git code manager, see:

        http://wiki.x.org/wiki/GitPage