Bug 2212300

Summary: Different default security behavior for X11 and Wayland on Fedora
Product: Fedora
Component: xorg-x11-xinit
Version: 38
Hardware: x86_64
OS: Linux
Status: NEW
Severity: medium
Priority: unspecified
Keywords: Security
Reporter: Alexander Zeijlon <alexander.zeijlon>
Assignee: Adam Jackson <ajax>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: airlied, ajax, negativo17, rhughes, rstrode, xgl-maint

Description Alexander Zeijlon 2023-06-05 08:34:12 UTC
There seems to be an inconsistency in how the package xorg-x11-xinit and GNOME mutter handle user permissions for the X server.

A few months ago, mutter changed their default behavior such that users are not automatically added as "SI:localuser:<username>" with the motivation that some applications can bypass the X11 permission settings. See https://gitlab.gnome.org/GNOME/mutter/-/commit/b61b0478f7538db27c35dff48f4581a811458116.

In Fedora when starting Gnome with X11, "xhost +SI:localuser:<username>" is set at login by the script /etc/X11/xinit/xinitrc.d/localuser.sh, which is a part of the xorg-x11-xinit package.

The script was added to the package 16 years ago, but I can't find any information about why it was added. See https://src.fedoraproject.org/rpms/xorg-x11-xinit/c/6cf01551afb21a2de9a54fb009d910bb7595fa08.

This now means that there is a difference in security settings in Fedora depending on whether users decide to use GNOME under X11 or under Wayland.

Can adding "SI:localuser:<username>" still be considered safe? Or do you have any additional info on why localuser.sh was added initially?

Reproducible: Always
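An added check, not part of the bug report or of the xorg-x11-xinit package, that audits the access list printed by xhost(1) for the SI:localuser grants the report describes. A SI:localuser entry lets any process whose uid matches that user connect to the X server without presenting the MIT-MAGIC-COOKIE-1 from ~/.Xauthority, which is exactly the behavior the mutter commit removed. The only assumption made about xhost is its output format (a status line followed by one grant per line); the two sample outputs and the user name "alice" are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the bug report): audit xhost output for SI:localuser grants.
# Assumes xhost prints a status line followed by one access-list entry per line.

# Constructed sample: what `xhost` prints on a GNOME/X11 session after
# /etc/X11/xinit/xinitrc.d/localuser.sh has run for user "alice".
SAMPLE_XHOST_OUTPUT_X11='access control enabled, only authorized clients can connect
SI:localuser:alice'

# Constructed sample: what `xhost` (talking to Xwayland) prints on a GNOME/Wayland
# session with the mutter default described in the report (no localuser grant).
SAMPLE_XHOST_OUTPUT_WAYLAND='access control enabled, only authorized clients can connect'

# Print every SI:localuser grant found in the xhost output passed as $1.
list_localuser_grants() {
    printf '%s\n' "$1" | grep '^SI:localuser:' || true
}

# Count SI:localuser grants in $1 (awk so the result is "0", not an error, when none).
count_localuser_grants() {
    printf '%s\n' "$1" | awk '/^SI:localuser:/ { n++ } END { print n + 0 }'
}

# True when access control is switched off entirely ("xhost +"), which is worse
# than a per-user grant: anything that can reach the socket may connect.
access_control_disabled() {
    printf '%s\n' "$1" | grep -q '^access control disabled'
}

# The xhost invocation that revokes the grant for the user named in $1.
revoke_command() {
    printf 'xhost -SI:localuser:%s\n' "$1"
}

# Audit one xhost listing. Exit status: 0 clean, 1 localuser grants present,
# 2 access control disabled.
audit() {
    out="$1"
    if access_control_disabled "$out"; then
        echo "WARNING: X access control is disabled; any local client may connect"
        return 2
    fi
    n=$(count_localuser_grants "$out")
    if [ "$n" -eq 0 ]; then
        echo "OK: no SI:localuser grants; clients must present the Xauthority cookie"
        return 0
    fi
    echo "NOTE: $n SI:localuser grant(s); processes running as these uids connect without a cookie:"
    list_localuser_grants "$out" | while IFS= read -r grant; do
        user=${grant#SI:localuser:}
        echo "  $grant   (revoke with: $(revoke_command "$user"))"
    done
    return 1
}

# On a real session with xhost available, audit the live server; otherwise
# walk both constructed samples so the X11/Wayland difference is visible.
if [ -n "$DISPLAY" ] && command -v xhost >/dev/null 2>&1; then
    if audit "$(xhost 2>/dev/null)"; then :; else echo "live audit status: $?"; fi
else
    echo "== sample: GNOME on X11 with localuser.sh =="
    if audit "$SAMPLE_XHOST_OUTPUT_X11"; then :; else echo "status: $?"; fi
    echo "== sample: GNOME on Wayland (mutter default) =="
    if audit "$SAMPLE_XHOST_OUTPUT_WAYLAND"; then :; else echo "status: $?"; fi
fi
```

Run it inside the session you want to inspect; on a Wayland session xhost talks to Xwayland, so the same script shows the difference the report is about. The revocation it prints, `xhost -SI:localuser:<user>`, is the inverse of the command localuser.sh runs at login and takes effect only for the current server instance.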