X.Org Server Hit By New Local Privilege Escalation Vulnerability

  • X.Org Server Hit By New Local Privilege Escalation Vulnerability

    Phoronix: X.Org Server Hit By New Local Privilege Escalation Vulnerability

    The X.Org Server keeps on giving when it comes to security vulnerabilities with its massive, aging, and ill-maintained code-base. Disclosed on Monday night was CVE-2023-0494 as the latest security advisory and another discovery by the Trend Micro Zero Day Initiative...


  • #2
    More 🍿 anyone?


    • #3
      They should rewrite it in rust


      • #4
        Originally posted by etam
        They should rewrite it in rust
        They shouldn't rewrite it in anything, they should let it die.


        • #5
          Originally posted by jacob

          They shouldn't rewrite it in anything, they should let it die.
          New code tends to be less secure than mature code, so replacing it is a recipe for more security issues.


          • #6
            I feel like I had an epiphany. Imagine creating an AI project that can translate programming languages (from one to another), a kickstarter (because you know it won't be perfect) of sorts for the rewrite to rust. The rust will spread like no other and the name literally will live up to its real life counterpart.


            • #7
              Originally posted by ryao

              New code tends to be less secure than mature code, so replacing it is a recipe for more security issues.
              Well, in this instance it is the "mature" code that has security issues. Besides, what you say isn't necessarily true; it all depends on what assumptions (if any) regarding security were made when the respective codebase was developed, and how they relate to present security threats. Taking that logic to the extreme, telnet was very "mature" when ssh appeared. It also didn't provide any security assurance whatsoever.


              • #8
                Originally posted by jacob
                They shouldn't rewrite it in anything, they should let it die.
                They should replace it with a secure display server protocol that takes 20-30 years to roll out to most users. Because there's such an extreme sense of urgency. Any more than 30 years would be unacceptable.


                • #9
                  Let's keep this civil and avoid the usual flame war. OK?


                  • #10
                    Originally posted by jacob

                    Well, in this instance it is the "mature" code that has security issues. Besides, what you say isn't necessarily true; it all depends on what assumptions (if any) regarding security were made when the respective codebase was developed, and how they relate to present security threats. Taking that logic to the extreme, telnet was very "mature" when ssh appeared. It also didn't provide any security assurance whatsoever.
                    Exactly.

                    When XFree86 and X11 (and later Xorg) were developed, the word "security" had a completely different weight and meaning than today.
                    Also, both the technological and social context were very different.

                    source: I'm old
