Created attachment 249774 [details] v1 (apply via "git am") Only Xorg has setuid bit (bug 273161), so can write in root-owned directories. Before: $ truss Xwayland :9 |& fgrep /var/lib/xkb access("/var/lib/xkb/",X_OK|W_OK) ERR#13 'Permission denied' access("/var/lib/xkb/",X_OK|W_OK) ERR#13 'Permission denied' access("/var/lib/xkb/",X_OK|W_OK) ERR#13 'Permission denied' access("/var/lib/xkb/",X_OK|W_OK) ERR#13 'Permission denied' After: $ truss Xwayland :9 |& fgrep /var/lib/xkb access("/var/lib/xkb/",X_OK|W_OK) = 0 (0x0) access("/var/lib/xkb/",X_OK|W_OK) = 0 (0x0) open("/var/lib/xkb/server-9.xkm",O_RDONLY,0666) = 10 (0xa) unlink("/var/lib/xkb/server-9.xkm") = 0 (0x0) access("/var/lib/xkb/",X_OK|W_OK) = 0 (0x0) access("/var/lib/xkb/",X_OK|W_OK) = 0 (0x0) open("/var/lib/xkb/server-9.xkm",O_RDONLY,0666) = 12 (0xc) unlink("/var/lib/xkb/server-9.xkm") = 0 (0x0)
There seems to be a fallback to XDG_RUNTIME_DIR if this failed : https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/xkb/ddxLoad.c?ref_type=heads#L73 So I guess that using xkbcomp will use /var/lib/xkb and xwayland will not use those file ? Shouldn't we use XDG_RUNTIME_DIR everywhere ? I admit that I'm totally a noob in xkb stuff as I don't use Xorg and also uses qwerty/us everywhere. I just don't like chmod 1777 without knowing the full picture.
reading at the code, Xwayland and Xorg-xserver both seems to rely on "Popen" xkbcomp. Which means only the xkbcomp program needs to be able to write into /var/lib/xkb Probably we can make the 775 root:video and make the xkbcomp binary setgid with video as a group this is not great but still better than the current situation. This is if we really want xkbcomp to be able to write into /var/lib/xkb, we can also advice the user to run xkbcomp as root for the rare cases when it is needed (when bringing a non provided xkb if my understanding is correct). FYI I checked on linux (ubuntu 20.04) Xorg is not setuid, /var/lib/xkb is 755 root:root and Xorg is run as user, which means again if I am not missing something that they are not expecting xorg to be able to write anything in that directory. My personal opinion is we should document how to manually run xkbcomp if actually needed and do not touch de mode for /var/lib/xkb
Why is it important to write into /var/lib/xkb at all?
(In reply to Gleb Popov from comment #3) I'm not sure how but something when using xorg with xkbcomp or whatever will try to write into this directory to save the new map or something. Review related to this PR: https://reviews.freebsd.org/D44697
Then I'm also against allowing non-root write into this dir. Aren't maps per-user to begin with? How could they be stored into a global location like /var/lib ?
(In reply to Gleb Popov from comment #5) I have no idea how all this thing is supposed to work. A lot of Linux distro use /var/lib/xkb for the compiled stuff, which is why we made the link to it and why we switch xorg-server to use it directly when we switched to meson (even if this part wasn't needed). I don't know which command is supposed to write those keyboard description files but that's something that a user should be able to do and it's working now because of the SUID bit. With my patch (and using xwayland too) it also works as we will fallback to the user XDG_RUNTIME_DIR (and after that on /tmp).
This was superseded by 5c3c7500abd37116903994674f562c603a29aec1 if I understand it correctly and can be closed now?
(In reply to Gleb Popov from comment #7) Not really, xwayland always could use XDG_RUNTIME_DIR for this, I've just extended this to xorg. I still don't know exactly how this hole feature is suppose to work so it's hard for me to do anything more. What I'm sure of is that if a user write some xkbcomp thing in /var/lib/xkb with xorg, the same user will be able to use this file with xwayland but the other way around isn't possible, but again I'm not sure if this is a problem.