Re: SecurityFocus Article
From: Jon Smirl
Date: Thu May 11 2006 - 23:18:08 EST
On 5/11/06, linux-os (Dick Johnson) <linux-os@xxxxxxxxxxxx> wrote:
Sorry, the X-server is too large to go into the kernel. It's
a lot easier to modify the boot-loader to set the D_LCK bit
if the security compromise turns out to be real.
The X server doesn't need to go into the kernel, only a very tiny
portion of it needs to go in. But X blindly pursues the idea of total
platform independence which means it ignores many of the services
offer by the Linux kernel and reimplements them in user space. This is
because the BSDs are missing many things that Linux supports.
I just love the idea of 2.4M lines of X code that opens network
sockets needlessly running as root. Top it off with 1,300 unfixed
Coverity hits, http://scan.coverity.com/. But what fun is life if you
don't live a little dangerously. If you want ideas on how to fix X to
not run as root read,
http://people.freedesktop.org/~jonsmirl/graphics.html
Of course DaveA will chime in and say that they are working on fixing
things to use the Linux kernel. This is good and I am glad it is being
done, I just worry that it will get finished sometime around 2014.
--
Jon Smirl
jonsmirl@xxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/