OpenBSD Journal

Privilege Separation for the X Window System

Contributed by jose on from the improvements dept.

Rick Wash was the first to write:
"OpenBSD has continued their work in leaving as little running with root privileges as possible. They committed a privilege separated version of XFree86. Now X will run mostly as an unprivileged user.

(CVS checkin message) "

Finally! A piece of software as large as X running with real privsep! And in time for 3.3, too. This is very cool. Anyone test this out yet?
UPDATE : Updated based on some comments from Henning. The move to real privsep fixes some issues that were seen in the previous non-root model.

(Comments are closed)

  1. By AC () on

    What version of XFree86?

    1. By Anonymous Coward () on

      CVS commit lists above, so one assumes version 4, not 3.3.

      1. By Hugo Villeneuve () on

        The XF4 cvs module contains 3 version of X which are in different subdirectories:

        xc/ - 4.x
        xc-old/ - 3.x (for i386 and mac68k)
        xc-mit/ - very old X11R5 (for hp300)

        (xc-old and xc-mit only builds the X servers, the clients comes from xc (if I understand right))

        So changes in XF4 tree doesn't necessary means to Xfree 4.2.x.

      2. By Anonymous Coward () on

        3.3 refers to OpenBSD 3.3, not to X

    2. By Hugo Villeneuve () on

      It's in current now for Xfree86 4.2.1 (well, that's what my 2 week old -current sparc is running.

      It had been a while since X was running under the pseudo-user _x11 but it was causing a few problems. With this nobody will have to revert back to running X as root to overcome the problems.

  2. By Anonymous Coward () on

    I see no reason the can't work with Linux, the other BSDs, and anything else running XFree86. Anyone know with authority that this is going to find it's way back to the xfree86 people so everyone can benefit?

    1. By Nathan milford () nmilford@ on mailto:nmilford@

      I'm sure the XFree people are smart enough to use CVS and check the code out themsleves. That is the beauty of BSD... they don't need permission to put it in with thier own heap o' code.

      1. By Anonymous Coward () on

        I'm sure they are, but if they are like most open source projects, they won't. They'll probably wait for the patches to be submitted.

        1. By Anonymous Coward () on

          then _you_ submit it, ah the beauty of bsd

    2. By Anonymous Coward () on

      they would benefit more by just uninstalling linux.

      1. By Anonymous Coward () on


        1. By Anonymous Coward () on

          > fool

          He is indeed. Linux taints a system past recovery.


    3. By Marc Espie () on

      Yes, this will be.

      The version currently in OpenBSD isn't quite portable enough yet, but that should happen eventually.

    4. By Anonymous Coward () on

  3. By MicroMaster () on

    Everyone know that MicroBSD had PrivSep for XFree86 (version 5.0.35) almost 3 years ago.


    1. By kremlyn () on

      Want a medal, or a chest to put it on?


    2. By MicroMaster () on

      Of course, all of that proof was on my hard drive, but it dissapered when my hard drive went tits up.

      It also worked perfectly with NVIDIA chipsets, but only when DRI was enabled.

      1. By Anonymous Coward () on

        Must not be running MicroBSD, right?

        1. By Anonymous Coward () on


    3. By Anonymous Coward () on

      fecal matter has grown a mind of its own. :|

    4. By Anonymous Coward () on

      This is an obvious troll. We at microbsd commited privsep
      support for X back in 1992 after completing our ia64 port.

      1. By Kung-fu Troll () on

        No, this is an obvious troll. Your puny posting is no match for my army of kung-fu trolls.

    5. By Outgrope Dildo () on

      hI ThIs is OutGr0p3 D1ld0 here, lead0r of Micr0BEZD, ND I AM 0FFEND0RED BY YU'ALL SLAGginG off my phat ph0rk!


  4. By Heo () on

    OpenBSD should be banned from running anything other than Firewall/Gateway.

    1. By Me () on


      We should also ban it from booting on systems with colour video adapters! Heck, ban everything except running it headlessly, with the only access via ssh.

      Prolly want to remove the keyboard, too.

      1. By Anonymous Coward () on

        how to remove keyboard / mouse
        and ssh ?

        it make an error and i can't

        1. By Eeeeeewww! () on

          Might want to clean the ends off the various cables and try plugging them into the matching connectors on the computer .

          That's not where keyboards and mice go, young man. Wait 'til I tell your mother.

    2. By Jeffrey () on

      Banned..? Are you nuts..?
      If something like that happened, I would simply have to stop using computers altogether.

      OpenBSD on my workstation and my laptop! Yay! =)
      It is simply the best OS for everything (including firewalls).
      I will never again use anything else!

      1. By meme () on

        If you are serious, then i seriously suspect you're <8 yrs old.

    3. By Anonymous Coward () on

      Yea! nobody would ever want a secure desktop.

      (I think 640k outa be enough for anyone)

    4. By Hans Insulander () on

      You should be banned from ever opening your mouth.

    5. By zil0g () on
      Thank you. Please come again.

    6. By Xeo () on

      Who would want a ultra-secure desktop yet incapable of doing anything worthwhile.

      1. By Anonymous Coward () on

        If a unix box is incapable of doing something, that merely reflects the capability of the person running it.

        Seems rather obvious where the problem lies, in your case.

  5. By Anonymous Something () on

    Why not use systrace to let the X server run without root previlege and restrict it to use expected resources (graphic card, all syscall, /etc/X11/*, /tmp/X11-*, tcp/7000, etc)?

    1. By schubert () on

      A. it'd be messier for users to implement. B. when they implemented it under a systrace policy they'd probably screw up because it is messier C. by putting privseperation in the code, less chance for a user to screw things up with a broken systrace policy.

  6. By Anonymous Coward () on

    Is it also working for windows 98?

    1. By Anonymous Coward () on

      No X-Window and Windows 98 are two different versions of Windows, and they are not fully compatible, at least on Intel-class processors.

    2. By Windows User () on

      Yes, but you have to install the "OpenBSD" driver first. When it asks you to "Really reformat hard drive?", answer yes.

    3. By rofl () on

      cygwin anyone?

  7. By schubert () on

    Despite all the mindless drooling the trolls have added to this topic... here's how you know you're using privseperated X:

    root 23125 0.0 0.0 1608 400 ?? I 11:04PM 0:00.00 X: [priv] (XFree86)
    _x11 18096 3.2 0.0 14800 21784 ?? Ss 11:04PM 0:08.22 /usr/X11R6/bin/X vt05

    Now what should clue you in here is the "[priv]" next to X. thats the child proccess with root privs that the commit message talks about.

  8. By Jeffrey () on

    I don't see any problems. Nice stuff.
    It is working fine for me on OpenBSD.i386.
    OpenBSD 3.3-beta

    Yay!!! =)
    Thanks to all of the OpenBSD developers
    from Jeffrey.

Latest Articles


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]