[Gllug] Fedora 11 gets it wrong

Nix nix at esperi.org.uk
Fri Jun 12 23:22:16 UTC 2009


On 11 Jun 2009, John Edwards told this:

> On Wed, Jun 10, 2009 at 11:14:54PM +0100, Nix wrote:
>> On 10 Jun 2009, Peter Corlett told this:
> <snip>
>>> Basically, GUIs as typically implemented on Linux are a security risk and a
>>> performance drag on the system, even if they're not actually being used.
>> 
>> OK, I'm curious here. How? setuid root X apps? (They can't be setuid
>> root Gtk apps unless someone has actually hacked Gtk itself to remove
>> the check that stops you doing that.)
>
> Well, the X binary itself is setuid to allow non-root users to
> start it.

Well yes, of course, but that's the X *server*. The presence of X
libraries and so on (and, thus, apps that use X themselves) is quite
distinct from that.

> I have a habit of removing as much as possible of X from any internet
> accessible server, but that's mainly a policy of only installing what
> you need, and to stop other users getting into bad habits like
> unencrypted remote X sessions.

Oh yes: my firewall has only libX11, libXau, libxcb, libXext, libXmu,
libXdmcp, and the reason for those, xauth, on it. I won't go without
xauth because I want to ssh-tunnel X sessions over the firewall.

> Just noticed that pulseaudio is also setuid, so paranoiacs should
> also remove that. After all the most a server should need is beep,
> (unless you want to scare the data centre staff).

Um, pulseaudio can shove sound over the network too. (But probably you
don't want to start it on the server, so you're right that there's not
much point having it there: it should run on your desktop and be talked
to over shm by local apps and over the network by remote ones, via
$PULSE_SERVER and/or the ALSA pulse plugin.)


pulseaudio, unlike X, drops its privileges almost immediately: it only
uses them to give itself realtime privs if so configured (and doesn't
need setuid even for that with recent enough kernels).
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
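The "use root briefly, then drop it" pattern described above for pulseaudio, written out as an added example (this is illustration code, not code from the thread or from pulseaudio itself): the process asks for realtime scheduling while it still has privilege, then drops to an unprivileged uid/gid permanently and checks that the drop really is irreversible. The target identity 65534/65534 used when the program is started as root, and the priority value 10, are assumptions for the example; on a recent kernel the realtime request can also be granted to an unprivileged user through RLIMIT_RTPRIO, which is why the drop is done regardless of whether the request succeeded.

```c
/* Added example, not from the thread or from pulseaudio: do the one
 * privileged operation first, then drop root permanently and verify it.
 * UNPRIV_UID/UNPRIV_GID and the priority 10 are assumed values. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc only exposes these behind _GNU_SOURCE; declare them explicitly so
 * the example builds whatever feature macros are in effect. */
extern int setresuid(uid_t ruid, uid_t euid, uid_t suid);
extern int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
extern int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

#define UNPRIV_UID 65534   /* assumed unprivileged target ("nobody") when started as root */
#define UNPRIV_GID 65534

/* Ask for SCHED_RR at the given priority using whatever privilege we hold.
 * Returns 0 on success, -errno on failure (-EPERM without CAP_SYS_NICE or
 * an RLIMIT_RTPRIO allowance). */
int request_realtime(int prio)
{
    struct sched_param sp = { .sched_priority = prio };
    if (sched_setscheduler(0, SCHED_RR, &sp) != 0)
        return -errno;
    return 0;
}

/* Permanently drop to uid/gid. Order matters: clear supplementary groups
 * first (only root may), then the gid, then the uid, since once the uid is
 * non-zero the earlier calls would be refused. Setting real, effective and
 * saved ids together is what makes the drop irreversible. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -errno;
    if (setresgid(gid, gid, gid) != 0)
        return -errno;
    if (setresuid(uid, uid, uid) != 0)
        return -errno;
    return 0;
}

/* 1 if the process can still become root, 0 if it cannot, -1 on error.
 * After a correct drop all three uids are non-zero and seteuid(0) fails. */
int can_regain_root(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    if (r == 0 || e == 0 || s == 0)
        return 1;
    return seteuid(0) == 0 ? 1 : 0;
}

/* Drop to UNPRIV_UID/GID if we started as root; otherwise keep the identity
 * we already have (the calls then succeed as a no-op). */
int drop_to_unprivileged(void)
{
    if (geteuid() == 0)
        return drop_privileges(UNPRIV_UID, UNPRIV_GID);
    return drop_privileges(getuid(), getgid());
}

int main(void)
{
    int rt = request_realtime(10);          /* privileged work first ... */
    printf("realtime request: %s\n", rt == 0 ? "granted" : "refused");
    if (drop_to_unprivileged() != 0) {      /* ... then drop, and refuse to run otherwise */
        perror("drop_privileges");
        return 1;
    }
    printf("uid=%d euid=%d, can regain root: %s\n",
           (int)getuid(), (int)geteuid(),
           can_regain_root() ? "yes (BUG)" : "no");
    return 0;
}
```

The important detail is that the drop uses setresuid()/setresgid() on all three ids and that the program refuses to continue if the drop fails; a daemon that only lowers its effective uid, or that ignores the return value, can be walked back to root by the next bug in it.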
