Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393


  • #31
    Originally posted by mSparks View Post
    X11 is a network protocol that hasn't needed to be changed since the 80s
    "Software that hasn't needed to change in 40 years" is an oxymoron, unless your software is a Pi calculator. Graphics and especially networking software is in perpetual change, especially from bugs as we, as a species, slowly begin to understand the implications of letting software read memory outside of what one single integer defines.

    Originally posted by mSparks View Post
    And no, X11 toolkits like GTK and Qt are most definitely not unmaintainable or dead
    Xorg is software, it is an implementation. GTK and Qt are toolkits over Xorg.
    You're not going to have your cake and eat it, too. Those toolkits are targeting deprecated software.
    Not even sure what logical fallacy you're attempting to drudge up by saying "well software using this deprecated software is still maintained so therefore the entire stack is maintained"



    • #32
      Originally posted by mSparks View Post
      Source
      Wayland is a protocol for a compositor to talk to its clients as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a Wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.


      X11 is a network protocol that hasn't needed to be changed since the 80s
      Source
      That is not in fact true. There has been a process of breaking a feature; if no one puts in a bug report, nobody is using it, so it has been removed. A lot of the X11 network protocol has in fact been deleted.

      Yes, if you try running a 30-year-old X11 network application with 30-year-old xlib and similar libraries, in most cases it will not work because it will use something that has been deleted from the modern protocol.
      Last edited by oiaohm; 29 March 2023, 10:31 PM.



      • #33
        Originally posted by Ironmask View Post
        "Software that hasn't needed to change in 40 years" is an oxymoron, unless your software is a Pi calculator. Graphics and especially networking software is in perpetual change, especially from bugs as we, as a species, slowly begin to understand the implications of letting software read memory outside of what one single integer defines.



        Xorg is software, it is an implementation. GTK and Qt are toolkits over Xorg.
        You're not going to have your cake and eat it, too. Those toolkits are targeting deprecated software.
        Not even sure what logical fallacy you're attempting to drudge up by saying "well software using this deprecated software is still maintained so therefore the entire stack is maintained"
        You seem completely confused.
        xorg is an organisation - x organisation
        they do/manage X11 stuff, a network protocol, that lets you do input/output on any hardware local or remote, it doesn't need to change because it supports extensions when keyboard/mouse/joystick/monitor isn't enough.
        wayland is a simple protocol between application and compositor, mostly aimed at stuff like car displays and kit like the steam deck that need to lock the user out of the device and do their own compositing.
        Last edited by mSparks; 29 March 2023, 10:34 PM.



        • #34
          Originally posted by mSparks View Post

          You seem completely confused.
          xorg is an organisation - x organisation
          they do/manage X11 stuff, a network protocol, that lets you do input/output on any hardware local or remote, it doesn't need to change because it supports extensions when keyboard/mouse/joystick/monitor isn't enough.
          wayland is a simple protocol between application and compositor, mostly aimed at stuff like car displays and kit like the steam deck that need to lock the user out of the device and do their own compositing.
          Please read this entire repository's source code before replying: https://github.com/freedesktop/xorg-xserver



          • #35
            Originally posted by Ironmask View Post

            Please read this entire repository's source code before replying: https://github.com/freedesktop/xorg-xserver
            please educate yourself on the history of X before digging a deeper hole for yourself


            I feel like this shouldn't need explaining here, but wayland is little more than HDCP over an HDMI cable, x.org and freedesktop provide a full network stack, hardware and infrastructure. Are you really that surprised there is a significant difference in complexity between them?

            Tell me, do you plan on replacing your home media server and all its devices with a couple of HDMI cables, or did you do that already?

            Also, you don't need to go through the git, you can just check


            And see the vuln was already fixed in both xorg-server and xwayland
            Last edited by mSparks; 29 March 2023, 11:36 PM.



            • #36
              Originally posted by mSparks View Post

              please educate yourself on the history of X before digging a deeper hole for yourself


              I feel like this shouldn't need explaining here, but wayland is little more than HDCP over an HDMI cable, x.org and freedesktop provide a full network stack, hardware and infrastructure. Are you really that surprised there is a significant difference in complexity between them?

              Tell me, do you plan on replacing your home media server and all its devices with a couple of HDMI cables, or did you do that already?
              I feel like I should tell you that X11 and Xorg are not connector standards. I thought you were using them as analogies before, but, given how attached to that singular analogy you are, I worry that you may literally believe they are interchangeable, which is less than correct.
              I'm not entirely sure what point you're trying to make at this point. Xorg is dying, nobody wants to extend X11, and all you're arguing essentially amounts to "I know all about X11 because I know what HDMI is, therefore if you disagree with me then you're arguing that HDMI shouldn't be replaced", as if you were some sort of stark-raving madman.
              I will say again, every single Xorg developer has abandoned the unmaintainable Xorg source code to work on the Wayland protocol. I know you're going to attempt it, but no amount of comparing a graphical display server to a connector standard is going to magically make the Wayland developers go back to Xorg. I know you won't understand that, and I'm sorry I don't know how to make you understand it.



              • #37
                Originally posted by mSparks View Post
                You seem completely confused.
                xorg is an organisation - x organisation
                they do/manage X11 stuff, a network protocol, that lets you do input/output on any hardware local or remote, it doesn't need to change because it supports extensions when keyboard/mouse/joystick/monitor isn't enough.
                wayland is a simple protocol between application and compositor, mostly aimed at stuff like car displays and kit like the steam deck that need to lock the user out of the device and do their own compositing.



                Pages 143-146 are a good read: one of the many examples where the X11 protocol is busted for doing input correctly. There are other examples of it being busted in that pdf/video.

                The reality is that Wayland started because the X11 protocol is broken. The two parties that started Wayland are both highly experienced X11 developers who were part of the X11 protocol deletion process, trying to cut the thing down and get to something workable.

                Yes, daniels in that presentation is a developer who used to work with Nokia, so embedded is more well known. This does not change the case that there are design faults in the X11 protocol that are not solvable, since solving them equals breaking backwards compatibility.

                168-175: yes, this ends with "your guess is as good as mine" because this is the X11 protocol's form of undefined behavior, but the worst nightmare is undefined behavior that users end up using. In the X11 protocol there is only 1 slot to define what version of the X11 protocol to send to the application, and that example is different parts of a single application asking for different X11 versions. Remember, there is 1 place to store the value of the version wanted, so with 4 different versions requested only 1 of them is going to get what it requested; hope the other 3 application parts can cope with getting the wrong data.

                The developers that started Wayland do have more embedded background than desktop, so some of their biases do come through. That does not change that the X11 protocol works more because we just ignore all the things that don't in fact work.

                The worst part is people claiming that X11 has an advantage over Wayland for a feature that has not worked in the X11 protocol for 20-30 years, and at worst in some cases never has worked, because when the feature was added to the X11 protocol it was busted and never fixed.



                • #38
                  Originally posted by mSparks View Post
                  I feel like this shouldn't need explaining here, but wayland is little more than HDCP over an HDMI cable, x.org and freedesktop provide a full network stack, hardware and infrastructure. Are you really that surprised there is a significant difference in complexity between them?
                  No, the Wayland protocol and the X11 protocol are both protocols designed in the same kind of way.

                  A full network stack mandated to always be there by the X11 protocol: is this a good thing? The lead developer of Wayland demoed the idea of Waypipe first. The Waypipe idea does make more sense than the X11 protocol model of mandating embedded networking.

                  Originally posted by mSparks View Post
                  Tell me, do you plan on replacing your home media server and all its devices with a couple of HDMI cables, or did you do that already?

                  Daniel Stone did a media server for a complete aircraft. The X11 protocol is not really dependable enough to be used for a home media centre or Steam Deck or many other things.

                  A lot of Wayland's focus on security is to get some form of protocol that is somewhat trustable.



                  • #39
                    Originally posted by oiaohm View Post




                    Pages 143-146 are a good read: one of the many examples where the X11 protocol is busted for doing input correctly. There are other examples of it being busted in that pdf/video.

                    The reality is that Wayland started because the X11 protocol is broken. The two parties that started Wayland are both highly experienced X11 developers who were part of the X11 protocol deletion process, trying to cut the thing down and get to something workable.

                    Yes, daniels in that presentation is a developer who used to work with Nokia, so embedded is more well known. This does not change the case that there are design faults in the X11 protocol that are not solvable, since solving them equals breaking backwards compatibility.

                    168-175: yes, this ends with "your guess is as good as mine" because this is the X11 protocol's form of undefined behavior, but the worst nightmare is undefined behavior that users end up using. In the X11 protocol there is only 1 slot to define what version of the X11 protocol to send to the application, and that example is different parts of a single application asking for different X11 versions. Remember, there is 1 place to store the value of the version wanted, so with 4 different versions requested only 1 of them is going to get what it requested; hope the other 3 application parts can cope with getting the wrong data.

                    The developers that started Wayland do have more embedded background than desktop, so some of their biases do come through. That does not change that the X11 protocol works more because we just ignore all the things that don't in fact work.

                    The worst part is people claiming that X11 has an advantage over Wayland for a feature that has not worked in the X11 protocol for 20-30 years, and at worst in some cases never has worked, because when the feature was added to the X11 protocol it was busted and never fixed.
                    Nothing that may or may not work on xorg-server impacts my PC use: VR, remote desktop, screen recording, vulkan, opengl, gnome, kde all work flawlessly for me.
                    Wayland, OTOH... even the stuff that does half work now like video streaming or remote desktop is an utter disaster.

                    I mean sure, X11 is a terrible, terrible choice for an in car entertainment system or games console, but that doesn't make wayland a sensible replacement for xorg-server in any other circumstance.

                    There is a difference between saying you can do better and actually doing better, and currently wayland is doing everything at best a little worse and in many important cases not at all.

                    The single key benefit I see repeated for wayland is it prevents keyloggers... I call BS on that one. And anyway, being able to easily share the desktop state between applications and processes, take screenshots and the rest of the things that are made intentionally hard or impossible on wayland are good things on a desktop PC.



                    • #40
                      Originally posted by skeevy420 View Post

                      So enough about Python, what about Rust?
                      I'm not fond of people mistaking python for anything more than an extensible framework either.

