don't launch X.Org as root
postmarketOS currently uses LightDM to log in automatically. LightDM launches X.Org as root (`ps ax|grep X` reports `root /usr/bin/X :0 …`). It would be nice to avoid that, as X.Org has a pretty large attack surface and could run as a non-privileged user account.
The thing is, LightDM doesn't support launching X as a non-root user: https://bugs.launchpad.net/lightdm/+bug/1292324.
On the other hand, X.Org is not used that much in pmOS (at least not by the phone UIs), and for someone to exploit a vulnerability in X.Org, they likely need access to X, so they must be running on the phone already: unless we work on app isolation, they have access to most of what matters anyway (https://xkcd.com/1200/).
Edited by Caleb Connolly