Announcement

Collapse
No announcement yet.

X.Org's Latest Security Woes Are Bugs In LibX11, Xserver

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by Volta View Post

    KDE is quite behind, but Gnome works fine with Wayland.
    That doesn't help me at all

    And yes, you can tell KDE is not exactly in good shape when you see on the login screen: "Plasma Desktop (Wayland) (Wayland)" (sic!) Doesn't leave much hope for what comes after.

    Comment


    • #12
      Originally posted by kpedersen View Post

      Wayland is just a protocol so it is beyond the scope of it to have "security issues". However all the many compositors containing independent implementations of a number of underlying systems that were traditionally provided by a single entity (Xserver) will likely contain issues. This fragmentation will also make it very hard to audit.

      In summary, educate people and move back to the command line!
      Zsh, bash, fish, csh, tcsh, ksh? That fragmentation will make it very hard to audit

      Comment


      • #13
        Originally posted by kpedersen View Post
        Wayland is just a protocol so it is beyond the scope of it to have "security issues".
        A protocol can have security issues, no problem. SSL rings a bell? WEP?

        Comment


        • #14
          Originally posted by bug77 View Post

          That doesn't help me at all

          And yes, you can tell KDE is not exactly in good shape when you see on the login screen: "Plasma Desktop (Wayland) (Wayland)" (sic!) Doesn't leave much hope for what comes after.
          You using Ubuntu? Because with Neon installed on Ubuntu 20.04 my entries include "Plasma (Wayland) (Wayland)" and "Ubuntu on Wayland (Wayland)". It's making me wonder if either SLIM or Ubuntu tacks on (Wayland) to Wayland sessions.

          Comment


          • #15
            Originally posted by skeevy420 View Post

            Zsh, bash, fish, csh, tcsh, ksh? That fragmentation will make it very hard to audit
            I think all the shells in the world. Past and present contain less lines of code than a single Wayland compositor.

            PLUS: The audit would be trivial because, we already know that all but ${THE_ONE_I_USE} are full of errors </troll>

            Comment


            • #16
              Originally posted by kpedersen View Post

              I think all the shells in the world. Past and present contain less lines of code than a single Wayland compositor.

              PLUS: The audit would be trivial because, we already know that all but ${THE_ONE_I_USE} are full of errors </troll>
              Well you would have passed the audit but you picked Oh My Zsh instead of Antigen

              Comment


              • #17
                Originally posted by cynic View Post
                X11/Xorg are products of an ended era. As much as I love them, time has come to let them go and move to Wayland.
                And if security woes were found in Wayland, would you say the exact same?

                Comment


                • #18
                  Originally posted by jonsmirl View Post
                  I agree. The architecture of the Xserver is extremely difficult to secure. Move to a modern design -- Wayland.

                  Xserver is a great piece of work and I have used it for decades. But it comes from a period in time when we didn't have hostile actors continuously trying to locate the tiniest security flaws and exploit them. Wayland greatly reduces the size of the attack surface making it far easier to secure.
                  You're absolutely right. Modern designs are 100% immune to security woes... oh wait.

                  Comment


                  • #19
                    Originally posted by bachchain View Post
                    Unfortunately, until Cinnamon converts, I'm sticking with X.
                    As Cinnamon is just a Gnome Shell with some baked in extensions and a few tweaks, it would be enough to rebase to a more modern Gnome Shell version or just use Gnome with extensions that provide exactly the same.

                    Comment


                    • #20
                      Originally posted by bug77 View Post

                      That doesn't help me at all

                      And yes, you can tell KDE is not exactly in good shape when you see on the login screen: "Plasma Desktop (Wayland) (Wayland)" (sic!) Doesn't leave much hope for what comes after.
                      Its not like thats the only quality issue with KDE. There are big major technical issues ignored since years like the insanely embarrassing point that Kwin still syncs to a timer offset from vblank and thats one of the smaller problems.
                      If you want anything working, not just Wayland, don't use KDE.

                      Comment

                      Working...
                      X