How to start x properly?

I have asked on the mailing lists. I received a couple of very brief replies which didn’t answer the question at all.

I’m surprised at the response i’ve received to be honest, as the X server is is a fundamental aspect of the operating system, and this latest change (whatever the details of it) appears to have at least the potential to create a security issue.

Anyway I’ll leave it there, as this line of inquiry is clearly not going to generate any light.

Thanks to those who were helpful.

spoov

Sorry, but as I showed earlier iin this thread, there is no suid bit set in 11.2 (and others confirmed this for other levels). Nevertheless when I boot into runlevel 3 and login as normal user and call startx, my KDE session is started. And imho that is exactly what the OP wants to happen again in his 11.4 system.

I can add that this behaviour was always rather normal and that I can remind many threads on problems with starting X, where people were asked to do the same so that the error messages could be seen. There was never any talk about this being impossible without setting suid bits. I rate this as a regression.

@spoovy
From IRC #opensuse-factory;


<bmwiedemann1> malcolmlewis: maybe you can just re-add the suid bit. /etc/permissions.local has a line for Xorg
<bmwiedemann1> # setuid bit on Xorg is only needed if no display manager, ie startx  is used. Beware of CVE-2010-2240

CVE - CVE-2010-2240 (under review)

On 2011-02-22 21:06, hcvv wrote:
>
> robin_listas;2293810 Wrote:

> Sorry, but as I showed earlier iin this thread, there is no suid bit
> set
in 11.2 (and others confirmed this for other levels). Nevertheless
> when I boot into runlevel 3 and login as normal user and call -startx-,
> my KDE session is started. And imho that is exactly what the OP wants to
> happen again in his 11.4 system.

This is known and has been already explained - as far as devs explain
things to us lowly earthlings >:-P

/They/ have changed things.

It is not startx which has to be suid, it is Xorg. And mine is, in 11.2:

-rws–x–x 1 root root 1885576 2010-09-23 17:49 /usr/bin/Xorg*

In 11.4 it is plain “rwx”–x–x


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

It is not startx which has to be suid, it is Xorg. And mine is, in 11.2:

-rws–x–x 1 root root 1885576 2010-09-23 17:49 /usr/bin/Xorg*

Sorry, you are correct. Mine is the same (as I showed also earlier I think) :shame: :shame:

I had the same problem with RC1 and some different buildslater on Today I have installed build 1093(KDE) and the problem haven’t showed up yet for me. I’m running KDE(always boot to KDE or LXDE) and I was very surprised when I had log in as root to be able to start x.
Bugreport? No, -it’s to hard/difficult/messy to report. I should be better with this I know, my fault sorry.

On 2011-02-23 15:06, jonte1 wrote:
>
> I had the same problem with RC1 and some different buildslater on Today
> I have installed build 1093(KDE) and the problem haven’t showed up
> yet for me. I’m running KDE(always boot to KDE or LXDE) and I was very
> surprised when I had log in as root to be able to start x.
> Bugreport? No, -it’s to hard/difficult/messy to report. I should be
> better with this I know, my fault sorry.

No, no bug report as it intentional, and the “hack” has been published.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

OK then, this is my best guess -

It appears that SUSE releases prior to 11.4 had the suid bit set on Xorg, enabling people to start X from runlvl3. This is (in my experience at least) unusual compared to other distros (Debian & RHEL at least) which have presumably been using POSIX file_caps for some time as they certainly don’t use suid bit, yet allow unprivileged use of Xorg. This is why I was initially confused (I am new to SUSE).

Now it seems the SUSE devs have decided to implement file_caps as well, but rather strangely decided to remove the suid bit before actually implementing the file_caps method. So we were/are caught in between methods, forced to reinstate the old suid method manually while we wait for the new method to be implemented.

I may be wrong about any or all of this, so please let me know if I am! :slight_smile:

Cheers

On 2011-02-24 00:06, spoovy wrote:
> I may be wrong about any or all of this, so please let me know if I am!
> :slight_smile:
>

Your guess is as valid as mine.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

“hack” has been published". “intentional”???
Well it seems like along way between developers and end users. I have been working as It-manager and run large IT-departments. I should/will not blame developers of Opensuse.

I have another thought and that is my experience that developers are having their own reality(as the users have) they should have a look at the forum at least every time they start hit the buttons in coding.
Yes, I’m very well aware of the RC status of the release and understand what it means. I’m learning a lot Moore to read the forum vs to read bugzilla.

That is of of course my personal thoughts.

On 2011-02-24 08:36, jonte1 wrote:

> …
> they should have a look at
> the forum

Ha! X’-)

Just you try telling them that. Some have written that they will never read
a forum…


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

OK then this’ll put the cat among the pidgins :slight_smile:

If the devs are not willing to engage with the users, then how exactly is openSUSE a community effort?

I had assumed that there were devs hanging around in the factory forum at least…

Some very wise words written.
Thanks.

A reply to myself and stealing the line, -“If the devs are not willing to engage with the users, then how exactly is openSUSE a community effort?”.

That is a question to ask?
By the way, do we get any report back on Sundays effort to kill bugs? I have other things to do stay on IRC all day long.

My experience is that devs need someone that administrate/set up guidelines. No I’m not a been counter, -moore of a technology guy from the bottom.

-But who I’m I to tell other what to do :wink:

On 2011-02-24 13:06, spoovy wrote:

> I had assumed that there were devs hanging around in the factory forum
> at least…

They do hang in the maillist. What I said is that most of them will not
touch a forum.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

Ok!
Fine by me.
I’m not after to hunt the developers, It wouldn’t …

Never mind.

Carlos - Please try to read previous posts properly before replying, otherwise we just go round and round in circles - you are just confusing the issue at the moment.

I chose my words carefully. I know the devs are on the mailing lists - I asked the question on the mailing lists, as I had already said a few posts ago. My point was that the devs on the mailing lists didn’t even attempt to provide an answer to the question, or even discuss the matter.

So if they don’t engage users on the mailing lists, and they don’t visit the forums, then how are users supposed to communicate with them?

Hi
Jump on the relevant IRC channel then… #opensuse-factory is a good
place to start.


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.27-0.2-default
up 3 days 12:23, 6 users, load average: 0.10, 0.20, 0.35
GPU GeForce 8600 GTS Silent - Driver Version: 260.19.26

I did, that was actually the first place I went. I was advised to file a bug report
(I didn’t, as it’s clearly not a bug).

Anyway, as I said about ten posts ago, i’m giving up on this one (and I mean it this time!). If someone turns up on here who can give an authoritative answer then great, otherwise I don’t see the point of any more speculation.

On 02/24/2011 06:36 PM, spoovy wrote:

> So if they don’t engage users on the mailing lists, and they don’t
> visit the forums, then how are users supposed to communicate with them?

several ways are available…the first two leave a trackable record
that you or anyone can follow:

bugzilla > http://en.opensuse.org/Submitting_Bug_Reports

FATE > https://features.opensuse.org/

IRC >
http://en.opensuse.org/openSUSE:Communication_channels#Instant_chat_.28IRC.29

Mail lists >
http://en.opensuse.org/openSUSE:Communication_channels#Mailing_lists

these fora (including factory) are users helping users…

some devs drop in _some_times…

some devs never drop in…

most devs almost never drop in…

no devs come here looking for bugs to squash or features to implement,
that is what bugzilla and FATE are for…


DenverD
CAVEAT: http://is.gd/bpoMD
[NNTP posted w/openSUSE 11.3, KDE4.5.5, Thunderbird3.0.11, nVidia
173.14.28 3D, Athlon 64 3000+]
“It is far easier to read, understand and follow the instructions than
to undo the problems caused by not.” DD 23 Jan 11