
X Server Security Disaster: "It's Worse Than It Looks"


  • X Server Security Disaster: "It's Worse Than It Looks"

    Phoronix: X Server Security Disaster: "It's Worse Than It Looks"

    There are X.Org Server security vulnerabilities -- even vulnerabilities going back two decades -- from time to time, and in related components of the Linux graphics stack. Parts of the X.Org stack can be in fairly rough shape given the age of X11, but a very poor picture of it was painted at the Chaos Communication Congress. It was stated that the X.Org security is even worse than it looks...

    http://www.phoronix.com/vr.php?view=MTU1NzA

  • #2
    We should give X.Org another shot, in the back of the head, die!



    • #3
      At least the monstrosity known as X.org is finally going away. X.org sucked from day #1, but it was the first and only available free display server, so it became "standard".



      • #4
        Really though, if you look at the other 30C3 stories, the overall theme is "The security of all tech is worse than you think."



        • #5
          Originally posted by alanc
          Really though, if you look at the other 30C3 stories, the overall theme is "The security of all tech is worse than you think."
          I've always been of the opinion 'Never think you're 100%. Just do what you can to reduce the attack vectors' and I can sleep at night.

          Thankfully I'm not in charge of a security team, otherwise I'd probably have been given the arse long ago!
          WEEEEEEEE!



          • #6
            Originally posted by alanc
            Really though, if you look at the other 30C3 stories, the overall theme is "The security of all tech is worse than you think."
            Isn't that pretty much true though... for all eternity? You make things as good as you can and then do your best to keep pace with the "enemy" (quotes because I don't think it's a particularly valid term, but nothing fit better).

            I'm sure Wayland and Mir will have their fair share of security snafus, just as all projects will. I'm about to check out the actual presentation, but just reading Michael's article and reading your own post to the mailing list, Alan, my initial impression is: "writing a monolithic pseudo-OS monstrosity whose core hasn't changed in 30 years is a bad idea!" News at 11.



            • #7
              Just watched the video. Headline should have said "Several 0-day Qt exploits that Qt devs won't fix and don't care if they are made public".



              • #8
                Hoping for Wayland

                Sorry to hear about X.org's security issues, but hopefully it will provide even more impetus to get Wayland installed as the default graphics system as soon as possible.

                The big move from X to Wayland will arguably be the most important change ever to hit Linux. As so many applications will have to be rewritten to take full advantage of Wayland, the move will be a bit traumatic, but worth it I think.



                • #9
                  Originally posted by Candide
                  The big move from X to Wayland will arguably be the most important change ever to hit Linux. As so many applications will have to be rewritten to take full advantage of Wayland, the move will be a bit traumatic, but worth it I think.
                  For normal software, shouldn't it be enough to change to the Wayland version of your widget toolkit?



                  • #10
                    How many of these are REMOTE vulnerabilities?

                    Originally posted by phoronix
                    Phoronix: X Server Security Disaster: "It's Worse Than It Looks"

                    There are X.Org Server security vulnerabilities -- even vulnerabilities going back two decades -- from time to time, and in related components of the Linux graphics stack. Parts of the X.Org stack can be in fairly rough shape given the age of X11, but a very poor picture of it was painted at the Chaos Communication Congress. It was stated that the X.Org security is even worse than it looks...

                    http://www.phoronix.com/vr.php?view=MTU1NzA
                    How many of these can be used for an over-the-network attack, assuming that an ssl server is not being run with X11 forwarding and no remote desktop viewing tool is in operation? There is a huge difference between someone who has already booted your computer being able to get root (physical access=root for high security work!) and someone able to root your box over the network and past a router.
