I have asked on the mailing lists. I received a couple of very brief replies which didn’t answer the question at all.
I’m surprised at the response i’ve received to be honest, as the X server is is a fundamental aspect of the operating system, and this latest change (whatever the details of it) appears to have at least the potential to create a security issue.
Anyway I’ll leave it there, as this line of inquiry is clearly not going to generate any light.
Sorry, but as I showed earlier iin this thread, there is no suid bit set in 11.2 (and others confirmed this for other levels). Nevertheless when I boot into runlevel 3 and login as normal user and call startx, my KDE session is started. And imho that is exactly what the OP wants to happen again in his 11.4 system.
I can add that this behaviour was always rather normal and that I can remind many threads on problems with starting X, where people were asked to do the same so that the error messages could be seen. There was never any talk about this being impossible without setting suid bits. I rate this as a regression.
<bmwiedemann1> malcolmlewis: maybe you can just re-add the suid bit. /etc/permissions.local has a line for Xorg
<bmwiedemann1> # setuid bit on Xorg is only needed if no display manager, ie startx is used. Beware of CVE-2010-2240
On 2011-02-22 21:06, hcvv wrote:
>
> robin_listas;2293810 Wrote:
> Sorry, but as I showed earlier iin this thread, there is no suid bit
> set in 11.2 (and others confirmed this for other levels). Nevertheless
> when I boot into runlevel 3 and login as normal user and call -startx-,
> my KDE session is started. And imho that is exactly what the OP wants to
> happen again in his 11.4 system.
This is known and has been already explained - as far as devs explain
things to us lowly earthlings >:-P
/They/ have changed things.
It is not startx which has to be suid, it is Xorg. And mine is, in 11.2:
I had the same problem with RC1 and some different buildslater on Today I have installed build 1093(KDE) and the problem haven’t showed up yet for me. I’m running KDE(always boot to KDE or LXDE) and I was very surprised when I had log in as root to be able to start x.
Bugreport? No, -it’s to hard/difficult/messy to report. I should be better with this I know, my fault sorry.
On 2011-02-23 15:06, jonte1 wrote:
>
> I had the same problem with RC1 and some different buildslater on Today
> I have installed build 1093(KDE) and the problem haven’t showed up
> yet for me. I’m running KDE(always boot to KDE or LXDE) and I was very
> surprised when I had log in as root to be able to start x.
> Bugreport? No, -it’s to hard/difficult/messy to report. I should be
> better with this I know, my fault sorry.
No, no bug report as it intentional, and the “hack” has been published.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
It appears that SUSE releases prior to 11.4 had the suid bit set on Xorg, enabling people to start X from runlvl3. This is (in my experience at least) unusual compared to other distros (Debian & RHEL at least) which have presumably been using POSIX file_caps for some time as they certainly don’t use suid bit, yet allow unprivileged use of Xorg. This is why I was initially confused (I am new to SUSE).
Now it seems the SUSE devs have decided to implement file_caps as well, but rather strangely decided to remove the suid bit before actually implementing the file_caps method. So we were/are caught in between methods, forced to reinstate the old suid method manually while we wait for the new method to be implemented.
I may be wrong about any or all of this, so please let me know if I am!
“hack” has been published". “intentional”???
Well it seems like along way between developers and end users. I have been working as It-manager and run large IT-departments. I should/will not blame developers of Opensuse.
I have another thought and that is my experience that developers are having their own reality(as the users have) they should have a look at the forum at least every time they start hit the buttons in coding.
Yes, I’m very well aware of the RC status of the release and understand what it means. I’m learning a lot Moore to read the forum vs to read bugzilla.
Carlos - Please try to read previous posts properly before replying, otherwise we just go round and round in circles - you are just confusing the issue at the moment.
I chose my words carefully. I know the devs are on the mailing lists - I asked the question on the mailing lists, as I had already said a few posts ago. My point was that the devs on the mailing lists didn’t even attempt to provide an answer to the question, or even discuss the matter.
So if they don’t engage users on the mailing lists, and they don’t visit the forums, then how are users supposed to communicate with them?
I did, that was actually the first place I went. I was advised to file a bug report
(I didn’t, as it’s clearly not a bug).
Anyway, as I said about ten posts ago, i’m giving up on this one (and I mean it this time!). If someone turns up on here who can give an authoritative answer then great, otherwise I don’t see the point of any more speculation.
these fora (including factory) are users helping users…
some devs drop in _some_times…
some devs never drop in…
most devs almost never drop in…
no devs come here looking for bugs to squash or features to implement,
that is what bugzilla and FATE are for…
–
DenverD
CAVEAT: http://is.gd/bpoMD
[NNTP posted w/openSUSE 11.3, KDE4.5.5, Thunderbird3.0.11, nVidia
173.14.28 3D, Athlon 64 3000+]
“It is far easier to read, understand and follow the instructions than
to undo the problems caused by not.” DD 23 Jan 11