634926 – x11-base/xorg-server-1.19.5-r1: Remove "^^ ( suid suid-wrapper )" from REQUIRED_USE

Bug 634926 - x11-base/xorg-server-1.19.5-r1: Remove "^^ ( suid suid-wrapper )" from REQUIRED_USE

Summary: x11-base/xorg-server-1.19.5-r1: Remove "^^ ( suid suid-wrapper )" from REQUIR...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo X packagers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-10-21 06:59 UTC by Klaus Kusche
Modified:	2017-10-21 17:25 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Klaus Kusche 2017-10-21 06:59:32 UTC

In xorg-server-1.19.5-r1, a "suid-wrapper" USE flag has been introduced
(see bug 556834). This is ok.

However, "^^ ( suid suid-wrapper )" has been added to REQUIRED_USE,
which forces either the xorg server to be installed suid
or the suid-wrapper program to be installed suid,
which is not ok, but a dangerous nonsense:
A suid xorg server or the suid-wrapper is only needed 
for non-kms graphics drivers and some headless configurations.

In my case (amd radeon, kms), xorg works perfectly fine in user mode,
without being suid and without the wrapper.
Hence, I need neither suid nor suid-wrapper.

Any suid program is an additional potential security risc.
Hence, for security reasons, suid programs should only be installed 
if they are really required, they must never be installed without need.
And in my case (and most likely for the majority of xorg users),
there is absolutely no need for any xorg program being suid.

Comment 1 Arfrever Frehtes Taifersar Arahesis 2017-10-21 17:25:46 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca17c5f407cb5264369aafd39ead709e46777dc4