Privilege Separation for the X Window System

Contributed by jose on 2003-02-18 from the improvements dept.

Rick Wash was the first to write:

"OpenBSD has continued their work in leaving as little running with root privileges as possible. They committed a privilege separated version of XFree86. Now X will run mostly as an unprivileged user.
(CVS checkin message) "

Finally! A piece of software as large as X running with real privsep! And in time for 3.3, too. This is very cool. Anyone test this out yet?
UPDATE : Updated based on some comments from Henning. The move to real privsep fixes some issues that were seen in the previous non-root model.

(Comments are closed)

Comments

By AC () on 2003-02-18 02:59

What version of XFree86?
Comments
1. By Anonymous Coward () on 2003-02-18 03:33
  
  CVS commit lists above, so one assumes version 4, not 3.3.
  Comments
  1. By Hugo Villeneuve () on 2003-02-18 04:01 http://EINTR.net
    
    The XF4 cvs module contains 3 version of X which are in different subdirectories:
    
    xc/ - 4.x
    xc-old/ - 3.x (for i386 and mac68k)
    xc-mit/ - very old X11R5 (for hp300)
    
    (xc-old and xc-mit only builds the X servers, the clients comes from xc (if I understand right))
    
    So changes in XF4 tree doesn't necessary means to Xfree 4.2.x.
  2. By Anonymous Coward () on 2003-02-18 18:21
    
    3.3 refers to OpenBSD 3.3, not to X
2. By Hugo Villeneuve () on 2003-02-18 03:47 http://EINTR.net
  
  It's in current now for Xfree86 4.2.1 (well, that's what my 2 week old -current sparc is running.
  
  It had been a while since X was running under the pseudo-user _x11 but it was causing a few problems. With this nobody will have to revert back to running X as root to overcome the problems.
By Anonymous Coward () on 2003-02-18 14:02

I see no reason the can't work with Linux, the other BSDs, and anything else running XFree86. Anyone know with authority that this is going to find it's way back to the xfree86 people so everyone can benefit?
Comments
1. By Nathan milford () nmilford@ on 2003-02-18 15:17 mailto:nmilford@
  
  I'm sure the XFree people are smart enough to use CVS and check the code out themsleves. That is the beauty of BSD... they don't need permission to put it in with thier own heap o' code.
  Comments
  1. By Anonymous Coward () on 2003-02-18 15:36
    
    I'm sure they are, but if they are like most open source projects, they won't. They'll probably wait for the patches to be submitted.
    
    Comments
    
    By Anonymous Coward () on 2003-02-18 21:14
    
    then _you_ submit it, ah the beauty of bsd
2. By Anonymous Coward () on 2003-02-18 18:07
  
  they would benefit more by just uninstalling linux.
  Comments
  1. By Anonymous Coward () on 2003-02-19 18:04
    
    fool
    
    Comments
    
    By Anonymous Coward () on 2003-02-20 04:04
    
    > fool
    
    He is indeed. Linux taints a system past recovery.
    
    :-)
3. By Marc Espie () espie@openbsd.org on 2003-02-19 16:48 mailto:espie@openbsd.org
  
  Yes, this will be.
  
  The version currently in OpenBSD isn't quite portable enough yet, but that should happen eventually.
4. By Anonymous Coward () on 2003-07-17 02:11
By MicroMaster () MicroMaster@microbsd.org on 2003-02-18 21:57 http://www.microbsd.org/

Everyone know that MicroBSD had PrivSep for XFree86 (version 5.0.35) almost 3 years ago.
Narf!
Comments
1. By kremlyn () on 2003-02-18 22:19
  
  Want a medal, or a chest to put it on?
  
  :-)
2. By MicroMaster () MicroMaster@microbsd.org on 2003-02-18 22:51 http://www.microbsd.org
  
  Of course, all of that proof was on my hard drive, but it dissapered when my hard drive went tits up.
  
  It also worked perfectly with NVIDIA chipsets, but only when DRI was enabled.
  Comments
  1. By Anonymous Coward () on 2003-02-18 23:44
    
    Must not be running MicroBSD, right?
    
    Comments
    
    By Anonymous Coward () on 2003-02-18 23:57
    
    lol
3. By Anonymous Coward () on 2003-02-19 12:49
  
  fecal matter has grown a mind of its own. :|
4. By Anonymous Coward () on 2003-02-19 07:01
  
  This is an obvious troll. We at microbsd commited privsep
  support for X back in 1992 after completing our ia64 port.
  Comments
  1. By Kung-fu Troll () kung-fu@teevee.org on 2003-02-20 15:28 http://www.teevee.org/
    
    No, this is an obvious troll. Your puny posting is no match for my army of kung-fu trolls.
5. By Outgrope Dildo () dildo@microbsd.net on 2003-02-19 16:45 mailto:dildo@microbsd.net
  
  hI ThIs is OutGr0p3 D1ld0 here, lead0r of Micr0BEZD, ND I AM 0FFEND0RED BY YU'ALL SLAGginG off my phat ph0rk!
  
  PLEEZE GIVE MEEE REZZZPEEEEKT!
By Heo () on 2003-02-19 04:03

OpenBSD should be banned from running anything other than Firewall/Gateway.
Comments
1. By Me () on 2003-02-19 04:52
  
  Yes!
  We should also ban it from booting on systems with colour video adapters! Heck, ban everything except running it headlessly, with the only access via ssh.
  Prolly want to remove the keyboard, too.
  Comments
  1. By Anonymous Coward () on 2003-02-19 09:53
    
    how to remove keyboard / mouse
    and ssh ?
    
    it make an error and i can't
    
    Comments
    
    By Eeeeeewww! () on 2003-02-21 19:08
    
    Might want to clean the ends off the various cables and try plugging them into the matching connectors on the computer .
    That's not where keyboards and mice go, young man. Wait 'til I tell your mother.
2. By Jeffrey () on 2003-02-19 04:56
  
  Eh..?
  Banned..? Are you nuts..?
  If something like that happened, I would simply have to stop using computers altogether.
  
  OpenBSD on my workstation and my laptop! Yay! =)
  It is simply the best OS for everything (including firewalls).
  I will never again use anything else!
  Comments
  1. By meme () on 2003-02-20 10:52
    
    If you are serious, then i seriously suspect you're <8 yrs old.
3. By Anonymous Coward () on 2003-02-19 14:35
  
  Yea! nobody would ever want a secure desktop.
  
  (I think 640k outa be enough for anyone)
4. By Hans Insulander () hin@hin.nu on 2003-02-19 15:25 mailto:hin@hin.nu
  
  You should be banned from ever opening your mouth.
5. By zil0g () on 2003-02-19 16:00
  
  http://attrition.org/gallery/computing/forum/tn/ban_him.jpg.html
  and
  http://attrition.org/gallery/computing/forum/tn/troll.gif.html
  Thank you. Please come again.
6. By Xeo () on 2003-02-20 10:55
  
  Who would want a ultra-secure desktop yet incapable of doing anything worthwhile.
  Comments
  1. By Anonymous Coward () on 2003-02-20 14:01
    
    If a unix box is incapable of doing something, that merely reflects the capability of the person running it.
    
    Seems rather obvious where the problem lies, in your case.
By Anonymous Something () on 2003-02-19 04:21

Why not use systrace to let the X server run without root previlege and restrict it to use expected resources (graphic card, all syscall, /etc/X11/*, /tmp/X11-*, tcp/7000, etc)?
Comments
1. By schubert () on 2003-02-19 18:00
  
  A. it'd be messier for users to implement. B. when they implemented it under a systrace policy they'd probably screw up because it is messier C. by putting privseperation in the code, less chance for a user to screw things up with a broken systrace policy.
By Anonymous Coward () on 2003-02-19 16:44

Is it also working for windows 98?
Comments
1. By Anonymous Coward () on 2003-02-19 18:03
  
  No X-Window and Windows 98 are two different versions of Windows, and they are not fully compatible, at least on Intel-class processors.
2. By Windows User () on 2003-02-21 15:25
  
  Yes, but you have to install the "OpenBSD" driver first. When it asks you to "Really reformat hard drive?", answer yes.
3. By rofl () on 2003-02-23 00:09
  
  cygwin anyone?
By schubert () on 2003-02-19 17:58

Despite all the mindless drooling the trolls have added to this topic... here's how you know you're using privseperated X:

root 23125 0.0 0.0 1608 400 ?? I 11:04PM 0:00.00 X: [priv] (XFree86)
_x11 18096 3.2 0.0 14800 21784 ?? Ss 11:04PM 0:08.22 /usr/X11R6/bin/X vt05

Now what should clue you in here is the "[priv]" next to X. thats the child proccess with root privs that the commit message talks about.
By Jeffrey () on 2003-02-19 19:26

I don't see any problems. Nice stuff.
It is working fine for me on OpenBSD.i386.
OpenBSD 3.3-beta

Yay!!! =)
Thanks to all of the OpenBSD developers
from Jeffrey.

Latest Articles

Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]