Announcement

**Sethox** · 12 July 2022, 09:49 AM

I could celebrate that this puts people off X11 more but really, I just want to know if this affects XWayland too.

**ireri** · 12 July 2022, 09:57 AM

In case anyone only read the title ^{(possibly dude above)}:

Fixes for these vulnerabilities have been patched

**Volta** · 12 July 2022, 10:14 AM

Originally posted by ireri View Post

In case anyone only read the title ^{(possibly dude above)}:

And? How many of the dozens of new vulnerabilities are waiting to be discovered in Xorg?

**kpedersen** · 12 July 2022, 10:19 AM

Originally posted by Volta View Post

And? How many of the dozens of new vulnerabilities are waiting to be discovered in Xorg?

Indeed. And in Linux!

privilege elevation on systems where the X.Org Server is running privileged
[...]
Hopefully though in 2022 you aren't relying on your xorg-server running as root.

Can anyone point me towards any OS / distro that is *still* running Xorg (or Wayland) as a privileged user in the last decade? They need to be seriously retired and people should update their installs to something saner like... well pretty much anything else!

Out of interest though; when something like this exists in the Wayland ecosystem, how will issues like this be found and updated in *every* compositor? They will only end up focusing on one or two (Gnome, Sway?) and leave all the others as "unsupported scenarios". That is going to be terrible. Imagine still having 20 different Xservers, some might share broken code, some don't, some are audited regularly, some aren't. A mess. It should almost become a legal requirement to have some central dependence on wl_roots to help control the chaos.

**V1tol** · 12 July 2022, 10:22 AM

Originally posted by kpedersen View Post

Indeed. And in Linux!

And in Wayland let's be fair

**JustK** · 12 July 2022, 10:27 AM

Originally posted by Sethox View Post

I could celebrate that this puts people off X11 more but really, I just want to know if this affects XWayland too.

Yes, it's also fixed in version XWayland-22.1.3 --> https://lists.x.org/archives/xorg/2022-July/061037.html

**ssokolow** · 12 July 2022, 10:41 AM

Originally posted by kpedersen View Post

Can anyone point me towards any OS / distro that is *still* running Xorg (or Wayland) as a privileged user in the last decade? They need to be seriously retired and people should update their installs to something saner like... well pretty much anything else!

*buntu + nVidia, apparently. From what I've seen in the bug tracker, enabling the nVidia driver's KMS support to allow Xorg to run rootless causes crashes in various Xorg sessions.

**brad0** · 12 July 2022, 10:49 AM

Originally posted by V1tol View Post

And in Wayland let's be fair

And in practically everything.

**rene** · 12 July 2022, 10:50 AM

updated https://www.youtube.com/watch?v=NeFdMvFFIts

Announcement

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment