Rootless Xorg / Replacing LightDM

Xorg is a large amount of ancient code that receives barely any attention and adds a lot of attack surface. Debian runs Xorg rootless by default for years now but Whonix’s default display manager, LightDM, decides to run it as root for whatever reason. You can verify this with ps aux.

X doesn’t need to be run as root anymore (except maybe for some weird, rarely used drivers) so we should probably replace LightDM or figure out how to make it run X unprivileged. Most distros already do this by default.

On my host, I just modify ~/.bash_profile to automatically execute startx on login (via console). Display managers aren’t that important, especially considering Whonix automatically logs in. Getting rid of them entirely would be more attack surface removed.

1 Like

Could be a fallback plan / stopgap solution if there is no better solution.

For a better solution, please see this:

Should be investigated first before spending any time on this one.

1 Like

Changing DE/WM isn’t the same as changing the display manager. They’re different things.

One part of this forum subject is “Rootless Xorg”. That becomes completely unnecessary if use XFCE with Wayland could be implemented.

Which future display manager to (not) use also depends on if use XFCE with Wayland is possible. Things might look very different if we managed to get wayland.

Therefore I consider use XFCE with Wayland to be a blocker for this very forum subject.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]