Thread: X Server Security Disaster: "It's Worse Than It Looks"

  1. #1
    Join Date
    Jan 2007
    Posts
    14,822

    X Server Security Disaster: "It's Worse Than It Looks"

    Phoronix: X Server Security Disaster: "It's Worse Than It Looks"

    There are X.Org Server security vulnerabilities -- even for vulnerabilities going back two decades -- from time to time and in related components of the Linux graphics stack. Parts of the X.Org stack can be in fairly rough shape given the age of X11, but a very poor picture of it was painted at the Chaos Communication Congress. It was stated that the X.Org security is even worse than it looks...

    http://www.phoronix.com/vr.php?view=MTU1NzA

  2. #2
    Join Date
    May 2012
    Posts
    814

    We should give X.Org another shot, in the back of the head, die!

  3. #3
    Join Date
    Jul 2013
    Posts
    3

    At least the monstrosity known as X.org is finally going away. X.org sucked from day #1, but it was the first and only available free display server, so it became "standard".

  4. #4
    Join Date
    Feb 2008
    Location
    California
    Posts
    79

    Really though, if you look at the other 30C3 stories, the overall theme is "The security of all tech is worse than you think."

  5. #5
    Join Date
    Jan 2009
    Location
    Outthere, NSW, Australia
    Posts
    382

    Quote: Originally Posted by alanc
    Really though, if you look at the other 30C3 stories, the overall theme is "The security of all tech is worse than you think."
    I've always been of the opinion 'Never think you're 100%. Just do what you can to reduce the attack vectors' and I can sleep at night.

    Thankfully I'm not in charge of a security team, otherwise I'd probably have been given the arse long ago!

  6. #6
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,892

    Quote: Originally Posted by alanc
    Really though, if you look at the other 30C3 stories, the overall theme is "The security of all tech is worse than you think."
    Isn't that pretty much true though... for all eternity? You make things as good as you can and then do your best to keep pace with the "enemy" (quotes because I don't think it's a particularly valid term, but nothing fit better).

    I'm sure Wayland and Mir will have their fair share of security snafus, just as all projects will. I'm about to check out the actual presentation, but just reading Michael's article and reading your own post to the mailing list, Alan, my initial impression is: "writing a monolithic pseudo-OS monstrosity whose core hasn't changed in 30yrs is a bad idea!" news at 11.

  7. #7
    Join Date
    Jan 2010
    Location
    Somewhere in Kansas.
    Posts
    263

    Just watched the video. Headline should have said "Several 0 day Qt exploits that Qt devs won't fix and don't care if they are made public".

  8. #8
    Join Date
    Dec 2011
    Posts
    31

    Hoping for Wayland

    Sorry to hear about X.org's security issues, but hopefully it will provide even more impetus to get Wayland installed as the default graphics system as soon as possible.

    The big move from X to Wayland will arguably be the most important change ever to hit Linux. As so many applications will have to be rewritten to take full advantage of Wayland, the move will be a bit traumatic, but worth it I think.

  9. #9
    Join Date
    Nov 2013
    Posts
    43

    Quote: Originally Posted by Candide
    The big move from X to Wayland will arguably be the most important change ever to hit Linux. As so many applications will have to be rewritten to take full advantage of Wayland, the move will be a bit traumatic, but worth it I think.
    For normal software, shouldn't it be enough to change to the Wayland version of your widget toolkit?

  10. #10
    Join Date
    May 2013
    Posts
    537

    How many of these are REMOTE vulnerabilities

    Quote: Originally Posted by phoronix
    Phoronix: X Server Security Disaster: "It's Worse Than It Looks"

    There are X.Org Server security vulnerabilities -- even for vulnerabilities going back two decades -- from time to time and in related components of the Linux graphics stack. Parts of the X.Org stack can be in fairly rough shape given the age of X11, but a very poor picture of it was painted at the Chaos Communication Congress. It was stated that the X.Org security is even worse than it looks...

    http://www.phoronix.com/vr.php?view=MTU1NzA
    How many of these can be used for an over-the-network attack, assuming that an ssl server is not being run with X11 forwarding and no remote desktop viewing tool is in operation? There is a huge difference between someone who has already booted your computer being able to get root (physical access=root for high security work!) and someone able to root your box over the network and past a router.
