diff -ruN xrdp-0.9.2-vanilla/sesman/session.c xrdp-0.9.2/sesman/session.c
--- xrdp-0.9.2-vanilla/sesman/session.c 2017-03-30 17:18:55.000000000 +1100
+++ xrdp-0.9.2/sesman/session.c 2017-04-08 15:51:58.738246971 +1000
@@ -33,10 +33,6 @@
#include "config_ac.h"
#endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
-
#include "sesman.h"
#include "libscp_types.h"
#include "xauth.h"
@@ -641,20 +637,7 @@
if (type == SESMAN_SESSION_TYPE_XORG)
{
-#ifdef HAVE_SYS_PRCTL_H
- /*
- * Make sure Xorg doesn't run setuid root. Root access is not
- * needed. Xorg can fail when run as root and the user has no
- * console permissions.
- * PR_SET_NO_NEW_PRIVS requires Linux kernel 3.5 and newer.
- */
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
- {
- log_message(LOG_LEVEL_WARNING,
- "Failed to disable setuid on X server: %s",
- g_get_strerror());
- }
-#endif
+ char *setpriv = g_strdup("setpriv");
xserver_params = list_create();
xserver_params->auto_free = 1;
@@ -663,6 +646,8 @@
xserver = g_strdup((const char *)list_get_item(g_cfg->xorg_params, 0));
/* these are the must have parameters */
+ list_add_item(xserver_params, (tintptr) setpriv);
+ list_add_item(xserver_params, (tintptr) g_strdup("--no-new-privs"));
list_add_item(xserver_params, (tintptr) g_strdup(xserver));
list_add_item(xserver_params, (tintptr) g_strdup(screen));
list_add_item(xserver_params, (tintptr) g_strdup("-auth"));
@@ -686,7 +671,7 @@
g_setenv("XRDP_START_HEIGHT", geometry, 1);
/* fire up Xorg */
- g_execvp(xserver, pp1);
+ g_execvp(setpriv, pp1);
}
else if (type == SESMAN_SESSION_TYPE_XVNC)
{