Date: Tue, 09 Apr 2024 11:51:04 +0000 From: bugzilla-noreply@freebsd.org To: x11@FreeBSD.org Subject: [Bug 278204] x11/xkeyboard-config: allow non-root to write into /var/lib/xkb Message-ID: <bug-278204-7141-Tv9D2u1ReQ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-278204-7141@https.bugs.freebsd.org/bugzilla/> References: <bug-278204-7141@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D278204 --- Comment #2 from Baptiste Daroussin <bapt@FreeBSD.org> --- reading at the code, Xwayland and Xorg-xserver both seems to rely on "Popen" xkbcomp. Which means only the xkbcomp program needs to be able to write into /var/lib/xkb Probably we can make the 775 root:video and make the xkbcomp binary setgid = with video as a group this is not great but still better than the current situation. This is if we really want xkbcomp to be able to write into /var/lib/xkb, we= can also advice the user to run xkbcomp as root for the rare cases when it is needed (when bringing a non provided xkb if my understanding is correct). FYI I checked on linux (ubuntu 20.04) Xorg is not setuid, /var/lib/xkb is 7= 55 root:root and Xorg is run as user, which means again if I am not missing something that they are not expecting xorg to be able to write anything in = that directory. My personal opinion is we should document how to manually run xkbcomp if actually needed and do not touch de mode for /var/lib/xkb --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-278204-7141-Tv9D2u1ReQ>