If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Announcement
Collapse
No announcement yet.
X.Org Hit Hard By A Large Batch Of Security Vulnerabilities
I think most distributions still run X-server as root.
It recently became possible to run X without root in Arch with the help of systemd-logind and using FOSS KMS drivers. However, it appears to only work if you launch the X instance from the console and doesn't yet support login managers like GDM or KDM.
So security auding is pretty important for X. Good thing they found this batch of security holes and patched them.
Nobody cared 20 years ago since they apparently knew that Linux isn't a very popular platform and with it's low marketshare it becomes an unimportant target for hackers. (Disregarding the fact that it is one of the most popular OS among hackers to actually use, derp.)
But now that it's growing in popularity and we have Steam Machines around the corner, this just won't do much longer. Wayland, get over here!
Nobody cared 20 years ago since they apparently knew that Linux isn't a very popular platform and with it's low marketshare it becomes an unimportant target for hackers. (Disregarding the fact that it is one of the most popular OS among hackers to actually use, derp.)
But now that it's growing in popularity and we have Steam Machines around the corner, this just won't do much longer. Wayland, get over here!
Actually 20 years ago X was safe, as the cards back then were behind MMU's preventing access to unassigned memory.
Then the pc stepped in, and threw all security away in X, because video cards for the PC were made without MMU.
Then XFree was build based on the PC security (==none).
These days security can be reintroduced thanks to IOMMU's. (remember the hacks of the xbox using shaders? a video card is a good attack vector).
Of course, X11 needs to be resecured. Maybe as a client on wayland.
Then we can move all security problems to wayland.
Still the best way to secure a system is to fallback completely to stupid framebuffers.
Actually 20 years ago X was safe, as the cards back then were behind MMU's preventing access to unassigned memory.
Then the pc stepped in, and threw all security away in X, because video cards for the PC were made without MMU.
Then XFree was build based on the PC security (==none).
These days security can be reintroduced thanks to IOMMU's. (remember the hacks of the xbox using shaders? a video card is a good attack vector).
Of course, X11 needs to be resecured. Maybe as a client on wayland.
Then we can move all security problems to wayland.
Still the best way to secure a system is to fallback completely to stupid framebuffers.
This is totally irrelevant. These security flaws are 100% on code running on the CPU, and nothing at all to do with GPUs.
Comment