as far as I understand this its not about kernel, its about destkop linux and xrog stack and some file permissions so this has nothing to do with kernel... thats very importent btw... because that would be really big problems if in this section security would not be good, but instead its best maybe freebsd is better or not dont know about that... but its better than windows or macosx so there we have no problem.
Originally Posted by Pallidus
The point is there are half a million lines of code in xorg server which is a basicly death cow that nobody had yet the guts to give him the last honor of a headshot...
so 0.5 million lines of code there are in the xorg mailing list 80 messages in 24 days thats 3 messages per day... the kernel mailing list has around 400 messages per day. so if I take this number I could guess that 130x so much developers involved.
the linux 3.2 kernel had 15 mio lines of code... so you have 15mio / 400 = 37.500 per X devs vs 0.5 / 3 = 166.666 per X devs that means that each xorg developer has to manage 4-5 times the lines of code.
And I guess the messages from non-developers in xorg mailing list is way higher than in the kernel mailing list. So you cant think that the quality of this old peace of software can have the same quality. But at least they fixed that told bugs very fast.
It will become better because at the moment wayland has 1/50 amount of code than xorg has, that factor will change of course when wayland is able to do more... but it will propably never reach 1/1, else this project would be stupid
and btw there were file permissions mentioned isnt that a thing that the distros should make right?
Last edited by blackiwid; 05-24-2013 at 06:06 PM.
Is there any valid reason that Xorg runs as root?
yes you dont send a good patch :P
Originally Posted by johnc
wayland will be able to run as non-root. so let xorg die peacefully let it go :P
No. Security is not a static thing that you can get all at once and be done. Making your software secure requires you to think of every possible avenue of attack now known or to be invented in the future, and preparing for every possible change that may happen in the environment around you. Breaking security requires finding just one thing the developers didn't think up.
Originally Posted by schmidtbag
In reality, people think of new avenues of attack, software environments change, hardware evolves, and you have to adapt your software to stay secure amongst that.
In this case there were a number of factors - a large part was previous X developers simply didn't think much about this attack pattern: in their original design, the X server was the process with ran with higher privileges in order to access the hardware devices, and you had to protect it from attacks by clients trying to exploit those privileges. It was only in later X11 releases that various forms of virtual X server (Xnest, Xvfb, Xvnc, Xephyr, etc.) appeared which could be run without privileges, and thus turned the tables. Unfortunately, until this, no one thought to audit the X client libraries to protect privileged clients from a malicious virtual X server.
Another factor is that a number of these attacks require you to make the client allocate a gig or 2 of RAM to allocate. When I first used X it was on a Sun 3/50 with 4mb of RAM - having a single client allocate more memory than was available if you combined the entire lab of workstations was ludicrous. Now I'm typing this in X on a system with 12gb of RAM, and was able to reproduce quite a few of these issues. Others included assumptions that made sense when your software was 32-bit, that failed to hold up when ints, longs, and pointers aren't all the same size any more.
Even in 2013, when reviewing these, a lot of them were non obvious unless you had the source in one window, the protocol headers in another and the protocol spec in a third. This was tedious work to cross-reference and confirm or refute each report, and even so a number ended up at the point where we weren't sure it was definitely exploitable, but we were sure there are smarter people than us in the world, and if just one of them can figure out an exploit, our users would be screwed, so we had to assume the worst case.
Yes, nvidia drivers are great for nvidia. The best drivers one can get on Linux for all activities, for nvidia. Yes, optimus is coming, after (3 years?) "soon". They are not opensource, but its not too bad, because they work since long ago and even now.
Originally Posted by Sverro2
That said, radeon driver is great for amd. The best driver one can get on Linux for all activities, for amd. Yes, dynamic power management is coming, after (3 years?) "soon". They are still not OpenGL4.3, but its not too bad, because they are opensource and become very fast now.
And, finally, intel driver is great for intel. The best driver one can get on Linux for all activities, for intel. Yes, gallium version is coming, after (3 years?) "soon". They are still not performing well due to weak hardware, but its not too bad, because they are opensource too and Haswell is coming now.
Thank You alanc. It seems like you are getting some flack on this thread, but no worries. You are doing exactly the right thing. I clearly don't have the experiebce you have, but I been saying the same thing for a long time. A flaw is a flaw, and an exploit is taking advantage of a flaw. So you don't really look for the exploit, you look for the flaw. But first you have to define what a flaw is.
Hunting for security holes is a very difficult thing to do. Clearly you have the skill and experience to do it well. Keep up the good work.
Given the history and complexity of X, that couldn't have been too pleasant...
Originally Posted by alanc
A bit off-topic, but I'm disappointed that it's a PPT... Pretty much anything is better than that. ODP is an open standard, and PDFs work on pretty much every device out there. Even PPTX would have been better, because it's at least XML-based, and not binary.
Originally Posted by DaVince
What can I say? Its better to be right than BO$$....
Originally Posted by BO$$
And you seem to have a REAL hard time distinguishing between the humor parts and the factual parts. Thats probably because M$ zombies have no sense of humor. Time for you to lighten up and stop being such a bag of dicks. That is, unless you're actively TRYING to stress yourself into an early death.
Last edited by droidhacker; 05-27-2013 at 08:12 AM.