Subject: Xserver SUID root? or restrict /dev/kbd?
To: None <kstailey@owl.dol-esa.gov>
From: Gordon W. Ross <gwr@mc.com>
List: port-sun3
Date: 08/10/1995 10:17:13

> Date: Wed, 9 Aug 1995 23:22:35 -0400
> From: Kenneth Stailey <kstailey@owl.dol-esa.gov>

> I think it is designed to be run SUID root.  X11R6 on i386 with
> XFree86 *must* be SUID root, on Sun3 X11R6 does not seem to launch
> anything without "revoking the throne" first.
> 
> Only thing is that the change back from euid to ruid seems to happen
> too soon.  It still needs a 666 /dev/bwtwo0.
> 
> ~Ken

The SunOS X server should be closer (for comparison) than the i386
X server.  The SunOS X server does not run SUID anything.
(Not that SunOS is widely known for security! 8^)

If someone can assure me that a SUID root X server cannot be
exploited, then I am comfortable with that solution.

Alternatively, it is fairly easy to make /dev/kbd and /dev/mouse
insist that a non-root opening process have the same session ID
as the process currently associated with the /dev/kd (console).
I became curious and tried this out.  Here is how I did it:

diff -rc sun3.orig/dev/kbd.c sun3/dev/kbd.c
*** sun3.orig/dev/kbd.c	Tue May 30 08:44:04 1995
--- sun3/dev/kbd.c	Wed Aug  9 17:07:57 1995
***************
*** 539,544 ****
--- 539,560 ----
  kbdopen(dev_t dev, int flags, int mode, struct proc *p)
  {
  	int error;
+ 	struct tty *kd_tp;
+ 	extern struct tty *kdtty();
+ 
+ 	/* Require root or same session as the kd driver. */
+ 	if (p->p_ucred->cr_uid) {
+ 		/* proc is not root */
+ 
+ 		/* Make sure kd is attached and open. */
+ 		kd_tp = kdtty(0);
+ 		if ((kd_tp == NULL) || (kd_tp->t_session == NULL))
+ 			return (EPERM);
+ 
+ 		/* Is this proc in the session on kd? */
+ 		if (p->p_session != kd_tp->t_session)
+ 			return (EACCES);
+ 	}
  
  	/* Exclusive open required for /dev/kbd */
  	if (kbd_softc.k_events.ev_io)
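
Review bot: The new session test in kbdopen runs only at open time, so a descriptor obtained while the caller was in the kd session stays usable after that process, or a child that inherited the descriptor, leaves the session or the session on kd changes. Either state that limit in the comment or revalidate when events are read. The block-scope `extern struct tty *kdtty();` has no prototype and belongs in a shared header, and the comment should say why an unattached or unopened kd returns EPERM while a session mismatch returns EACCES. Only kbd.c appears in this diff, so the /dev/mouse open routine still needs the same check to match the description.
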
Only in sun3/dev: kbd.c.~1~