Announcement

Collapse
No announcement yet.

X.Org Server 21.1.2 Released With Security Fixes, Back To Pretending All Displays Are 96 DPI

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • X.Org Server 21.1.2 Released With Security Fixes, Back To Pretending All Displays Are 96 DPI

    Phoronix: X.Org Server 21.1.2 Released With Security Fixes, Back To Pretending All Displays Are 96 DPI

    Following yesterday'sdisclosure of four new X.Org Server security vulnerabilities that could lead to local privilege escalation, X.Org Server 21.1.2 is now available with those security fixes plus other changes...

    https://www.phoronix.com/scan.php?pa...-Server-21.1.2

  • #2
    Nice.

    Starting off the thread with good vibes.

    Comment


    • #3
      It's xorg. it's old and buggy. None of this should come as a surprise or be very provocative.

      Hopefully the transition to wayland goes quickly and smoothly, and it serves as a worthy replacement.

      Comment


      • #4
        Originally posted by perpetually high View Post
        Nice. Starting off the thread with good vibes.
        Michael already killed the good vibes with that picture attached to the article. It's like attaching a sign to your car's tire that says "Technology from 4000BC for my twin turbo car."

        Comment


        • #5
          With Wayland, we need code audits for every single compositor...

          Comment


          • #6
            Typo:

            Originally posted by phoronix View Post
            Phoronix: X.Org Server 21.1.2 Released With Security Fixes, Back To Pretending All Displays Are 96 DPI

            Following yesterday'sdisclosure of four new X.Org Server security vulnerabilities that could lead to local privilege escalation, X.Org Server 21.1.2 is now available with those security fixes plus other changes...

            https://www.phoronix.com/scan.php?pa...-Server-21.1.2
            The hopeful fix for NVIDIA users...

            Comment


            • #7
              Originally posted by aufkrawall View Post
              With Wayland, we need code audits for every single compositor...
              1. You still need code audits for every single Xorg compositor/desktop stack by that logic so Wayland actually means less code to audit.
              2. While wayland software can of course still have holes, Wayland as a protocol actually cares about security so entire classes of attacks that affect X.org because of its inherent architecture are not a problem on Wayland.

              Hell, Wayland's superior security has actually caused people to gripe about things like screenshot/screencasting applications that are harder (but not impossible) to implement because Wayland by default doesn't let each window scrape data from every other window.

              Comment


              • #8
                Originally posted by chuckula View Post

                1. You still need code audits for every single Xorg compositor/desktop stack by that logic so Wayland actually means less code to audit.
                2. While wayland software can of course still have holes, Wayland as a protocol actually cares about security so entire classes of attacks that affect X.org because of its inherent architecture are not a problem on Wayland.

                Hell, Wayland's superior security has actually caused people to gripe about things like screenshot/screencasting applications that are harder (but not impossible) to implement because Wayland by default doesn't let each window scrape data from every other window.
                Problem is Wayland cares too much about security that it lacks basic interfaces such as standardized display resolution query and set, global hotkeys and data query (like mouse position, window names/positions and stuff)...
                Only macOS got this right by allowing this while being secure by having a permission system.

                Comment


                • #9
                  Originally posted by tildearrow View Post
                  basic interfaces such as standardized display resolution query and set, global hotkeys and data query (like mouse position, window names/positions and stuff)
                  We'll get that by 2040, probably maybe.

                  Comment


                  • #10
                    Technology from 1980 that actually gets the job done.

                    Comment

                    Working...
                    X