Announcement

Collapse
No announcement yet.

XMir Has A Big Security Problem With VT Switching

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by robclark View Post
    The point was the stupid post of LinuxGamer who said that there was no security holes in Fedora. I did not talk about Ubuntu.
    And you, did you have a point?

    Comment


    • #32
      Originally posted by Malizor View Post
      The point was the stupid post of LinuxGamer who said that there was no security holes in Fedora. I did not talk about Ubuntu.
      And you, did you have a point?
      You don't even know how to read i said "Huge Security Holes in it"

      Comment


      • #33
        Originally posted by Malizor View Post
        The point was the stupid post of LinuxGamer who said that there was no security holes in Fedora. I did not talk about Ubuntu.
        And you, did you have a point?
        there are your average run of the mill CVE that every distro has.. and then there are the holes so big you could accidentally drive a truck through it without even noticing that it was there (like this VT switching issue). I think LinuxGamer was referring to the latter.

        Comment


        • #34
          Originally posted by LinuxGamer View Post
          You don't even know how to read i said "Huge Security Holes in it"
          Hm, ok. You just don't know what you are talking about.
          Let's move on to another subject.

          Comment


          • #35
            Originally posted by robclark View Post
            there are your average run of the mill CVE that every distro has.. and then there are the holes so big you could accidentally drive a truck through it without even noticing that it was there (like this VT switching issue). I think LinuxGamer was referring to the latter.
            Not all CVE are "small"...

            In this case we are talking about a known issue in a beta software that is not actually deployed anywhere by default (not even Ubuntu 13.10 daily images) and is only installed on developers/volunteers computers.

            Pardon me if I find the latest OpenSSL/Apache/Bind security issues to be "bigger".

            Comment


            • #36
              Originally posted by Malizor View Post
              Not all CVE are "small"...

              In this case we are talking about a known issue in a beta software that is not actually deployed anywhere by default (not even Ubuntu 13.10 daily images) and is only installed on developers/volunteers computers.

              Pardon me if I find the latest OpenSSL/Apache/Bind security issues to be "bigger".
              Fair enough, it isn't a remotely exploitable issue. But still, it is an issue where an end user can exploit themselves without even realizing it. And a known issue, at that. It seems irresponsible to encourage users to install/test/use with this sort of known issue.

              Comment


              • #37
                Originally posted by Malizor View Post
                Not all CVE are "small"...

                In this case we are talking about a known issue in a beta software that is not actually deployed anywhere by default (not even Ubuntu 13.10 daily images) and is only installed on developers/volunteers computers.

                Pardon me if I find the latest OpenSSL/Apache/Bind security issues to be "bigger".
                there are so many on Ubuntu its hard just to read the ones from 2013 holy shit Ubuntu is so fucking insecure it makes puppy's cry

                http://cve.mitre.org/data/refs/refma...ce-UBUNTU.html

                Comment


                • #38
                  Originally posted by LinuxGamer View Post
                  You don't even know how to read i said "Huge Security Holes in it"
                  you go know that no one by default is using mir yet right? not even on ubuntu 13.10 unless u manualy install it....
                  and even if it did ubuntu 13.10 is not even a beta yet....
                  also this is not a "big security hole" this is just a bug of a alpha software...
                  even the kernel has securitu issues and those yes are "big security holes".

                  stop being a fanboy LinuxGamer

                  Comment


                  • #39
                    Originally posted by MrTheSoulz View Post
                    you go know that no one by default is using mir yet right? not even on ubuntu 13.10 unless u manualy install it....
                    and even if it did ubuntu 13.10 is not even a beta yet....
                    also this is not a "big security hole" this is just a bug of a alpha software...
                    even the kernel has securitu issues and those yes are "big security holes".

                    stop being a fanboy LinuxGamer
                    LTS Kernels are the most secure and this Xmir thing is going into Beta next week soon to be the default

                    Comment


                    • #40
                      Originally posted by LinuxGamer View Post
                      LTS Kernels are the most secure and this Xmir thing is going into Beta next week soon to be the default
                      check phoronix for the latest kernel security issue....
                      it was there for YEARS and no one knew, we dont even know how many time it was exploited...
                      you cant win this war dude, just give up, every thing has security issues...
                      new software is gonna be more insecure thats a fact

                      EDIT:
                      did u even know X is fill with security issues?
                      Last edited by MrTheSoulz; 08-22-2013, 06:20 PM.

                      Comment


                      • #41
                        Originally posted by robclark View Post
                        Fair enough, it isn't a remotely exploitable issue. But still, it is an issue where an end user can exploit themselves without even realizing it. And a known issue, at that. It seems irresponsible to encourage users to install/test/use with this sort of known issue.
                        Indeed, and that's the point of Matthew in his blog post.
                        The bug is not a problem in itself because it is known and it will be fixed before Xmir becomes default in 13.10 (so before the end of next week).
                        The problem is that this issue was arguably not documented enough for the enthusiasts who are testing Xmir in the mean time.

                        The issue was indeed documented: https://lists.ubuntu.com/archives/ub...st/037572.html (see near the end, in the known issues list)
                        Matthew just expected a kind of big red warning at Mir startup.
                        Last edited by Malizor; 08-22-2013, 06:33 PM.

                        Comment


                        • #42
                          Originally posted by MrTheSoulz View Post
                          check phoronix for the latest kernel security issue....
                          it was there for YEARS and no one knew, we dont even know how many time it was exploited...
                          you cant win this war dude, just give up, every thing has security issues...
                          new software is gonna be more insecure thats a fact

                          EDIT:
                          did u even know X is fill with security issues?
                          yes Xorg sucks but Xmir sucks even more eww

                          Comment


                          • #43
                            Originally posted by LinuxGamer View Post
                            yes Xorg sucks but Xmir sucks even more eww
                            dude...
                            *facepalm* your have mental issues i bet

                            Comment


                            • #44
                              Originally posted by MrTheSoulz View Post
                              dude...
                              *facepalm* your have mental issues i bet
                              Albert Einstein was called crazy too or said to have mental issues we all have some type of "mental issues" do we not?

                              Comment


                              • #45
                                Originally posted by LinuxGamer View Post
                                Albert Einstein was called crazy too or said to have mental issues we all have some type of "mental issues" do we not?
                                The fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.
                                -Carl Sagan

                                Comment

                                Working...
                                X