Announcement

Collapse
No announcement yet.

XMir Has A Big Security Problem With VT Switching

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #41
    Originally posted by robclark View Post
    Fair enough, it isn't a remotely exploitable issue. But still, it is an issue where an end user can exploit themselves without even realizing it. And a known issue, at that. It seems irresponsible to encourage users to install/test/use with this sort of known issue.
    Indeed, and that's the point of Matthew in his blog post.
    The bug is not a problem in itself because it is known and it will be fixed before Xmir becomes default in 13.10 (so before the end of next week).
    The problem is that this issue was arguably not documented enough for the enthusiasts who are testing Xmir in the mean time.

    The issue was indeed documented: https://lists.ubuntu.com/archives/ub...st/037572.html (see near the end, in the known issues list)
    Matthew just expected a kind of big red warning at Mir startup.
    Last edited by Malizor; 22 August 2013, 06:33 PM.

    Comment


    • #42
      Originally posted by MrTheSoulz View Post
      check phoronix for the latest kernel security issue....
      it was there for YEARS and no one knew, we dont even know how many time it was exploited...
      you cant win this war dude, just give up, every thing has security issues...
      new software is gonna be more insecure thats a fact

      EDIT:
      did u even know X is fill with security issues?
      yes Xorg sucks but Xmir sucks even more eww

      Comment


      • #43
        Originally posted by LinuxGamer View Post
        yes Xorg sucks but Xmir sucks even more eww
        dude...
        *facepalm* your have mental issues i bet

        Comment


        • #44
          Originally posted by MrTheSoulz View Post
          dude...
          *facepalm* your have mental issues i bet
          Albert Einstein was called crazy too or said to have mental issues we all have some type of "mental issues" do we not?

          Comment


          • #45
            Originally posted by LinuxGamer View Post
            Albert Einstein was called crazy too or said to have mental issues we all have some type of "mental issues" do we not?
            The fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.
            -Carl Sagan

            Comment


            • #46
              Originally posted by TheBlackCat View Post
              The fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright brothers. But they also laughed at Bozo the Clown.
              -Carl Sagan
              And Mark Shuttleworth is Bozo the Clown of the Linux World

              Comment


              • #47
                Originally posted by robclark View Post
                actually he is a developer who has done a lot of work on input, among other things. I'd tend to think he actually knows what he is talking about on this subject ;-)
                Past history of the Mir project has not given us any reason to think any such thing... remember, the supposed reason for the Mir project was a "misunderstanding" of how Wayland's input system wasn't very secure. Oh, the irony...

                Comment


                • #48
                  Originally posted by Delgarde View Post
                  Past history of the Mir project has not given us any reason to think any such thing... remember, the supposed reason for the Mir project was a "misunderstanding" of how Wayland's input system wasn't very secure. Oh, the irony...
                  agreed, I was referring to what daniels (xorg and wayland developer) said :-)

                  Comment


                  • #49
                    Originally posted by LinuxGamer View Post
                    And Mark Shuttleworth is Bozo the Clown of the Linux World
                    +1

                    As for (X)Mir, I'm looking forward to the critical, show-stopping, release date bugs. Those are really fun.

                    Comment


                    • #50
                      This bug is symbolic

                      To those who don't get it: obviously Canonical is going to fix this bug before it's released. But how many others are they going to miss, if they've left something like this out there for so long?

                      When Mir was first announced, my first thought was: really? Canonical is going to do this by themselves, with no outside help? Are they really going to be able to make it bug free, will they have someone reviewing security issues, etc.?

                      All the Ubuntu fans were sure it wouldn't be a problem.

                      And now we get this.

                      I'm not going to say Canonical can't be successful with Mir, but this is exactly the kind of issue a lot of people were foreseeing would come up, and I'm not sure it's going to be the only one.

                      Obvious security flaws are easy to fix. It's the complicated ones that are difficult to discover that lie around forever and cause problems.

                      Comment

                      Working...
                      X