Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

  • Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

    Phoronix: Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

    CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation...


  • #2
    I enjoy the classics.



    • #3
      Good ol' X Server strikes again



      • #4
        Affects XWayland too. So Wayland users should be affected too, because Wayland without XWayland simply does not work for 99 % of users. If it works for you, you are in that 1 % and do not quote me on this.
        Last edited by t1r0nama; 29 October 2024, 02:13 PM.



        • #5
          I love C codebases



          • #6
            Originally posted by t1r0nama
            Affects XWayland too. So Wayland users should be affected too, because Wayland without XWayland simply does not work for 99 % of users. If it works for you, you are in that 1 % and do not quote me on this.
            Does anybody run Wayland sessions as root though?



            • #7
              I bet that the Linux Mint users will again not give a fuck about it as they trust their luck-based security protection!
              The fact that Linux Mint is a distro that just works is enough for them to not care about any security vulnerability.

              What's worse is the fact that they and others still recommend Linux Mint like crazy to new people, conveniently hiding the fact that because of X, it's one of the Linux distros with the weakest privacy and security protection!

              Congratulations and many thanks to people using and recommending way safer distros and DEs like OpenSUSE, Fedora, Debian with KDE Plasma or Gnome!



              • #8
                It's more of a privilege "de-escalation". The _xorg privilege separated user is very limited and people haven't run Xorg as root for decades.

                This is fine (albeit a silly error). Luckily Xorg is maintained. Once fixed, every X11 WM and program will benefit automatically.

                This is why Wayland compositors duplicating basic work are such a problem. wlroots resolves this somewhat but there are many compositors that don't use that (because it hardly has a stable API in comparison to the X11 ecosystem).

                Originally posted by tildearrow
                Does anybody run Wayland sessions as root though?
                The same weirdos that run Xorg as root are probably the same guys running Wayland sessions as root.
                Last edited by kpedersen; 29 October 2024, 02:49 PM.



                • #9
                  Originally posted by kpedersen
                  people haven't run Xorg as root for decades.
                  What? AFAIK rootless Xorg did not become a real thing until ~5 years ago in GNOME land and a year or so ago in KDE land (SDDM only acquired the relevant functionality with 0.20.0). So, unless you mean something else and/or I'm misunderstanding something, most people were certainly running rootful Xorg up until less than a single decade ago, let alone multiple decades.



                  • #10
                    Dirt-old piece of garbage X11 strikes again. What a surprise. Not.
