Originally posted by ReaperX7
Pays to read.
Short version. You know that different endianness support between client and server with the X11 protocol we decided to allow history in a way that can be changed at any time turns out to be a downright horrible idea and you should simply disable it. Of course users disable because they have some application they want to use.
Once you start doing all the recommendations to configure X11 to be secure, like disabling the endianness problem, turning on XACE with SELinux and so on, the result is your X11 solution is basically totally not usable.
The fixes to lots of X11 server security problems are known. The problem here is that the fixes to X11 protocol security problems end up being X11 protocol breaking, equaling your applications don't work any more.
The idea of "could have easily fixed with X11" is because you have never used a secured version of X11, where it is questionable if moving a window will work, let alone anything else.