More X.Org Security Vulnerabilities Published, Date Back To X11R5


  • #16
    Originally posted by philipmorris
    Yes, it has some vulnerabilities, but Wayland/Weston no? are perfect? LOL... Wayland and Weston will have more and dangerous bugs
    Is any sw of much more complexity than "hello world" perfect? No. Is Weston vastly more simple/straightforward than X11? Yes. Is that a good thing from a software security standpoint? Yes. Was Wayland developed in an era where the security/threat model was very different than today? No. Was X11? Yes.


    • #17
      Originally posted by smitty3268
      Then they asked me to prove that a 0 day exploit existed, when I said that the NSA surely had some for OSS just like proprietary.

      I wonder if we're past that now?
      Since Xorg is OSS, even if this took long, this bug was seen and fixed by someone who had no relationship whatsoever with whoever created it. If it wasn't OSS, this bug would stay unnoticed forever, unless the ghost of some developer from 1991 went back to his former office, took the secret X11 source code from some boxed set of floppy disks and started working on it.

      OSS gives you asymptotic correctness, closed source gives you indefinite exploitability.


      • #18
        Originally posted by smitty3268
        I remember when somebody here spent dozens of posts trying to convince everyone the NSA was spying on us through proprietary software, and Linux was the only solution because they couldn't have access to any zero day exploits on Linux, because no such bugs existed in open source software. Then they asked me to prove that a 0 day exploit existed, when I said that the NSA surely had some for OSS just like proprietary.

        I wonder if we're past that now?
        I don't think the whole NSA thing has ever been about zero day exploits in proprietary software but rather built-in backdoors.

        Security holes exist because something is broken; it's like having a window on your house that doesn't shut properly. Backdoors in closed source are more like having the key to your house. It's less likely that open source has these deliberate backdoors.
