In article ??? Antti Miettinen  <apm@vipunen.hut.fi> wrote:
>>	I didn't think the XServers would *work* when not suid root; in fact,
>>a quick chmod on my machine reveals that XF86_S3 can't open a virtual console
>>w/o being suid.
>I suppose any X server needs access to the framebuffer, keyboard and
>mouse. I've solved these things so that the device nodes needed for X
>server are owned by group xyz and the Xserver binary is sgid xyz. This
>is not very good solution. What I would like, is login or xdm to chown
>the device nodes to the user who logs in.

It can be done even better than that...we have a setup based on the fbtab
concept done on sunos, such that relevant devices are owned by whoever logs in
on the console...
Unfortunatly the Xservers (for i386) have checks to make sure they are running
as root in them...this is retarded, why don't they just try opening things and
see if it works...(then you could choose the solution of your choice...)
(Note: I guess stuff that tries to /dev/mem or like would still be a problem...)

[...]
>It's the same problem on all archs but IMHO the worst solution is to
>run Xserver suid root. I've said this before, but here goes again..
>Xservers tend to be huge programs and huge programs tend to have bugs
>and buggy suid root programs can crash the system. Who knows, maybe
>the mysterious crashes I've been having for a long time were caused by
>my xlock which was suid root.
Here here...

-- 
William Bardwell
wbardwel+@[cs.]cmu.edu