
Thread: Moblin 2.0 To Not Run X Server As Root

  1. #1
    Join Date
    Jan 2007
    Posts
    15,106

    Default Moblin 2.0 To Not Run X Server As Root

    Phoronix: Moblin 2.0 To Not Run X Server As Root

    Intel's Arjan van de Ven has fired off an email letting us know that Moblin 2.0 will have its X Server running without root privileges. The first feature of their new "Moblin Secure X project" is to integrate NRX technology, which we take to mean "No-Root X" and is described as "NRX is a set of OS changes and patches that makes it possible to no longer run the X server as the privileged 'root' user." Just last week we reported on a root-less X Server nearing reality. Traditionally the X Server has been run as root so that it can communicate directly with the graphics hardware, but with the mainlining of kernel mode-setting, it's now easily possible to run the X Server without root privileges...

    http://www.phoronix.com/vr.php?view=NzM3NA

  2. #2
    Join Date
    Oct 2007
    Location
    UK
    Posts
    160

    Default

    I wouldn't be surprised if this is just to make sure that ion chips can't run moblin....

  3. #3
    Join Date
    Jun 2007
    Posts
    145

    Default

    well, that's nvidia's fault! their problem. perhaps sometimes they realize that they *have* to give out docs and open their driver (hehe hope for more pressure for chrome os).

  4. #4
    Join Date
    Mar 2009
    Location
    Portland
    Posts
    32

    Default

    seems that for every improvement made to linux there's always someone paranoid....

    breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

    The objective is a real improvement to the Linux security model.
    With all the work done in the X stack over the last two years,
    running X no longer as root is finally possible. That is great
    progress if you ask me.

    Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.

  5. #5
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    What I really dislike with moblin is that the default X is compiled just to break nvidia. The instruction to enable it requires X recompilation; that's really crap. Vbox + Nvidia drivers should compile and work without extra work.

  6. #6
    Join Date
    Mar 2009
    Location
    Portland
    Posts
    32

    Default

    Kano: I'm sorry but you're very wrong.
    Moblin X is not compiled "just to break nvidia".

    I don't know if the nvidia binary stuff works out of the box or not; I'm personally not interested in machines with nvidia hardware. But to try to say that Moblin deliberately compiles X to break that... No.

  7. #7
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    Then tell me why xinerama is disabled by default? Nvidia binary expects that to be enabled.

  8. #8
    Join Date
    Oct 2007
    Posts
    92

    Default

    Quote Originally Posted by arjan_intel View Post
    seems that for every improvement made to linux there's always someone paranoid....

    breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

    The objective is a real improvement to the Linux security model.
    With all the work done in the X stack over the last two years,
    running X no longer as root is finally possible. That is great
    progress if you ask me.

    Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.
    If it is required at all ... afaik the driver just needs access to /dev/nvidia*
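
    An added example, not part of any post in this thread: a POSIX shell audit of the points raised above, namely whether the X binary carries the setuid bit, which effective uid a running server has, and whether the /dev/nvidia* nodes are open to every local user. The binary paths and the process name `Xorg` are assumptions (common defaults), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit how much privilege an X server has on this host.

# Classify one executable: missing | no-setuid | setuid-root | setuid-nonroot
setuid_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo no-setuid; return 0; }
    # Field 3 of `ls -ln` is the numeric owner; -L resolves a symlinked X binary.
    owner=$(ls -lndL -- "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-nonroot; fi
}

# Succeed if "other" has read+write on a node, i.e. any local user can open it.
other_rw() {
    mode=$(ls -lndL -- "$1" 2>/dev/null | awk '{print $1}')
    case $mode in
        ???????rw*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "pid euid" for each process named $2 under proc root $1.
# The second field after "Uid:" in /proc/<pid>/status is the effective uid.
proc_euids() {
    root=$1; name=$2
    for s in "$root"/[0-9]*/status; do
        [ -r "$s" ] || continue
        pid=${s%/status}; pid=${pid##*/}
        awk -v n="$name" -v pid="$pid" '
            $1 == "Name:" { hit = ($2 == n) }
            $1 == "Uid:" && hit { print pid, $3 }
        ' "$s" 2>/dev/null
    done
}

# Report. The binary paths and process name are assumptions (common defaults).
for b in /usr/bin/Xorg /usr/bin/X; do
    echo "$b: $(setuid_state "$b")"
done
proc_euids /proc Xorg | while read -r pid euid; do
    echo "Xorg pid $pid runs with euid $euid"
done
for d in /dev/nvidia*; do
    if other_rw "$d"; then echo "$d: read/write for all users"; fi
done
```

    A `setuid-root` result or an euid of 0 means the server still holds root privileges; `no-setuid` with a non-zero euid is the state the no-root X work aims for.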

  9. #9
    Join Date
    Oct 2007
    Location
    UK
    Posts
    160

    Default

    Quote Originally Posted by arjan_intel View Post
    seems that for every improvement made to linux there's always someone paranoid....

    breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

    The objective is a real improvement to the Linux security model.
    With all the work done in the X stack over the last two years,
    running X no longer as root is finally possible. That is great
    progress if you ask me.

    Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.
    It was a snarky comment. I know rootless X is a great thing and that it's easy to break the nvidia binary....

    Incidentally the binary already breaks because they build xorg without xinerama on moblin. I'd guess it's to speed up start times, since with recompiled xorg I found mine started a little slower, but then again I didn't time it.

    Kano, recompile the src.rpm with xinerama, it's not hard. I show how on my site www.madeo.co.uk

  10. #10
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    Why should I recompile it? That's a wrong design decision to disable it by default.
