Announcement

Collapse
No announcement yet.

The XMir Security Issue Should Now Be Resolved

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The XMir Security Issue Should Now Be Resolved

    Phoronix: The XMir Security Issue Should Now Be Resolved

    Yesterday we passed along news of an XMir security issue where using Canonical's X11 transition layer in communicating with the Mir display server, when performing a VT switch the XMir session can still read input from devices. Fortunately, this issue looks to now be resolved...

    http://www.phoronix.com/vr.php?view=MTQ0Mzg

  • #2
    Originally posted by phoronix View Post
    Phoronix: The XMir Security Issue Should Now Be Resolved

    Yesterday we passed along news of an XMir security issue where using Canonical's X11 transition layer in communicating with the Mir display server, when performing a VT switch the XMir session can still read input from devices. Fortunately, this issue looks to now be resolved...

    http://www.phoronix.com/vr.php?view=MTQ0Mzg
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

    well the Unity Lens AD's has porn in it too but oh well any one know if they fixed it?
    http://mindaict.blogspot.com/2012/09...l#.UhfY-6yP-PI

    Comment


    • #3
      If you were looking for porn, then one would call that a feature (shifty eyes).

      There is a built in way to turn amazon search off, btw.

      Comment


      • #4
        what the problem?

        Originally posted by LinuxGamer View Post
        "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

        well the Unity Lens AD's has porn in it too but oh well any one know if they fixed it?
        http://mindaict.blogspot.com/2012/09...l#.UhfY-6yP-PI
        you don t see porno when you are a child? lol

        ppl try everything, go out and live your life and stop with stupid things

        Comment


        • #5
          Originally posted by Andrecorreia View Post
          you don t see porno when you are a child? lol

          ppl try everything, go out and live your life and stop with stupid things
          Weren't you supposed to leave Phoronix forever, because Michael said it was good news Xubuntu won't use XMir on 13.10?

          Comment


          • #6
            [QUOTE=LinuxGamer;352835]"Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

            --snip

            This software is not currently enabled in any distributed version of Ubuntu. So no. Its not a "shame" Is it a shame that the CONFIG_PERF_EVENTS MASSIVE hole was left in the Linux kernel for 2 whole years and distributed to world+dog and when they supposedly "patched" the gaping hole 4 months ago they failed to mention the criticality of this bug? is that a "shame"?

            Comment


            • #7
              This is still broken as of revision 1007, presumably because corresponding code needs to land in Xmir.

              Comment


              • #8
                Originally posted by mjg59 View Post
                This is still broken as of revision 1007, presumably because corresponding code needs to land in Xmir.
                Wait at least a few days, it's probably in the staging PPA right now.

                Comment


                • #9
                  Originally posted by mrugiero View Post
                  Wait at least a few days, it's probably in the staging PPA right now.
                  What is? The commit Michael references as fixing the problem is in the Mir libraries that I'm running.

                  Comment


                  • #10
                    Originally posted by mjg59 View Post
                    What is? The commit Michael references as fixing the problem is in the Mir libraries that I'm running.
                    Oh. I thought it was just released. They did that with the cursor fix.

                    Comment


                    • #11
                      Originally posted by mjg59 View Post
                      What is? The commit Michael references as fixing the problem is in the Mir libraries that I'm running.
                      Can some one say Oops lol

                      Comment


                      • #12
                        No thanks

                        Originally posted by LinuxGamer View Post
                        "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time
                        Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

                        because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"

                        Comment


                        • #13
                          Originally posted by tmpdir View Post
                          Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

                          because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"
                          It's funny how developers did acknowledge they need to put more warnings in several places (they stated there are several bugs filed where the user started testing an alpha release without having an idea of how to restore their systems if they lose the ability to boot) but some users are still on denial of this fact. You need to warn users of the risk of testing bleeding edge software, specially with a distro supposed to be newbie friendly: newbies don't always know beforehand such things. An experienced user will probably check the bug tracker by its own, but a newbie wouldn't know. Of course, as they acknowledge it, they did put more warnings in some places, like the wiki. Stating most of the issues. Also, knowing ahead of time is a way to make an informed decision about being ready for testing.

                          Comment


                          • #14
                            [QUOTE=andydread;352868]
                            Originally posted by LinuxGamer View Post
                            "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

                            --snip

                            This software is not currently enabled in any distributed version of Ubuntu. So no. Its not a "shame" Is it a shame that the CONFIG_PERF_EVENTS MASSIVE hole was left in the Linux kernel for 2 whole years and distributed to world+dog and when they supposedly "patched" the gaping hole 4 months ago they failed to mention the criticality of this bug? is that a "shame"?
                            Yes it was and You had to compile the kernel with the CONFIG_PERF_EVENTS and it was well known by Developers/Hackers you can use unsafe flags today to compile the kernel or BSD and you don't want Noob's Jumpping in to Testing Unsafe Software remember the Mir wiki is miss leading in this case to newb's

                            Comment

                            Working...
                            X