Retrying revoke()

Posted Apr 15, 2013 16:31 UTC (Mon) by walters (subscriber, #7396)
In reply to: Retrying revoke() by guillemj
Parent article: Retrying revoke()

No, it's based on OpenEmbedded.

You are also conflating the setuid bit on Xorg with running as root - these are two independent things.

to post comments

Retrying revoke()

Posted Apr 21, 2013 19:07 UTC (Sun) by guillemj (subscriber, #49706) [Link]

> No, it's based on OpenEmbedded.

I was referring to apoelstra's or nix's systems but anyway, nice to know. :)

> You are also conflating the setuid bit on Xorg with running as root - these are two independent things.

Not really. You mentioned that Xorg is running as root because it's setuid root, and that this was a "huge attack surface", without specifying which part. So while I agree making the full-blown Xorg setuid root is an attack vector, to me it's just tiny (because it's easy to avoid with the Debian wrapper for example) in comparison to running the X server as root, which I assume is still the case with something like GDM. The whole point of this subthread was the possibility of being able to finally run the X server as non-root, which would get rid of the actual (IMO) huge attack surface.