Announcement

Collapse
No announcement yet.

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

    Phoronix: X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

    Getting things started for this "Patch Tuesday" are the disclosure of two new X.Org Server vulnerabilities...

    https://www.phoronix.com/scan.php?pa...ly-12-Security

  • #2
    I could celebrate that this puts people off X11 more but really, I just want to know if this affects XWayland too.

    Comment


    • #3
      In case anyone only read the title (possibly dude above):

      Fixes for these vulnerabilities have been patched

      Comment


      • #4
        Originally posted by ireri View Post
        In case anyone only read the title (possibly dude above):
        And? How many of the dozens of new vulnerabilities are waiting to be discovered in Xorg?

        Comment


        • #5
          Originally posted by Volta View Post

          And? How many of the dozens of new vulnerabilities are waiting to be discovered in Xorg?
          Indeed. And in Linux!

          privilege elevation on systems where the X.Org Server is running privileged
          [...]
          Hopefully though in 2022 you aren't relying on your xorg-server running as root.
          Can anyone point me towards any OS / distro that is *still* running Xorg (or Wayland) as a privileged user in the last decade? They need to be seriously retired and people should update their installs to something saner like... well pretty much anything else!

          Out of interest though; when something like this exists in the Wayland ecosystem, how will issues like this be found and updated in *every* compositor? They will only end up focusing on one or two (Gnome, Sway?) and leave all the others as "unsupported scenarios". That is going to be terrible. Imagine still having 20 different Xservers, some might share broken code, some don't, some are audited regularly, some aren't. A mess. It should almost become a legal requirement to have some central dependence on wl_roots to help control the chaos.
          Last edited by kpedersen; 12 July 2022, 10:30 AM.

          Comment


          • #6
            Originally posted by kpedersen View Post
            Indeed. And in Linux!
            And in Wayland let's be fair

            Comment


            • #7
              Originally posted by Sethox View Post
              I could celebrate that this puts people off X11 more but really, I just want to know if this affects XWayland too.
              Yes, it's also fixed in version XWayland-22.1.3 --> https://lists.x.org/archives/xorg/2022-July/061037.html

              Comment


              • #8
                Originally posted by kpedersen View Post
                Can anyone point me towards any OS / distro that is *still* running Xorg (or Wayland) as a privileged user in the last decade? They need to be seriously retired and people should update their installs to something saner like... well pretty much anything else!
                *buntu + nVidia, apparently. From what I've seen in the bug tracker, enabling the nVidia driver's KMS support to allow Xorg to run rootless causes crashes in various Xorg sessions.
                Last edited by ssokolow; 12 July 2022, 10:49 AM.

                Comment


                • #9
                  Originally posted by V1tol View Post
                  And in Wayland let's be fair
                  And in practically everything.

                  Comment


                  • #10
                    updated https://www.youtube.com/watch?v=NeFdMvFFIts

                    Comment

                    Working...
                    X