diff -ruN xrdp-0.9.2-vanilla/sesman/session.c xrdp-0.9.2/sesman/session.c --- xrdp-0.9.2-vanilla/sesman/session.c 2017-03-30 17:18:55.000000000 +1100 +++ xrdp-0.9.2/sesman/session.c 2017-04-08 15:51:58.738246971 +1000 @@ -33,10 +33,6 @@ #include "config_ac.h" #endif -#ifdef HAVE_SYS_PRCTL_H -#include -#endif - #include "sesman.h" #include "libscp_types.h" #include "xauth.h" @@ -641,20 +637,7 @@ if (type == SESMAN_SESSION_TYPE_XORG) { -#ifdef HAVE_SYS_PRCTL_H - /* - * Make sure Xorg doesn't run setuid root. Root access is not - * needed. Xorg can fail when run as root and the user has no - * console permissions. - * PR_SET_NO_NEW_PRIVS requires Linux kernel 3.5 and newer. - */ - if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) - { - log_message(LOG_LEVEL_WARNING, - "Failed to disable setuid on X server: %s", - g_get_strerror()); - } -#endif + char *setpriv = g_strdup("setpriv"); xserver_params = list_create(); xserver_params->auto_free = 1; @@ -663,6 +646,8 @@ xserver = g_strdup((const char *)list_get_item(g_cfg->xorg_params, 0)); /* these are the must have parameters */ + list_add_item(xserver_params, (tintptr) setpriv); + list_add_item(xserver_params, (tintptr) g_strdup("--no-new-privs")); list_add_item(xserver_params, (tintptr) g_strdup(xserver)); list_add_item(xserver_params, (tintptr) g_strdup(screen)); list_add_item(xserver_params, (tintptr) g_strdup("-auth")); @@ -686,7 +671,7 @@ g_setenv("XRDP_START_HEIGHT", geometry, 1); /* fire up Xorg */ - g_execvp(xserver, pp1); + g_execvp(setpriv, pp1); } else if (type == SESMAN_SESSION_TYPE_XVNC) {