X.Org Libraries Hit By Round Of Security Issues


  • #21
    Originally posted by varikonniemi
    Somewhat of a lacking analogy, since gasoline cars can not be run on electricity just by "figuring out an e->g converter". X on wayland is working pretty well in this day and age. Imagine what it could have been already, if wayland actually had a team of dedicated developers opposed to a few talents making it happen?
    You weren't talking about running X on Wayland, you mentioned killing X with fire in one sentence and replacing it in the next. The trouble with putting more people on Wayland is that X development/maintenance would suffer; imagine being told (of a bug in X): "We're not fixing that, you need to leave X and run Wayland instead".



    • #22
      Originally posted by varikonniemi
      X on wayland is working pretty well in this day and age.
      And using the exact same set of X libraries that we just fixed all these bugs in. You can't be rid of the X client libraries without being rid of every existing program using them. And for every X program in your distro's package repository there's dozens more you don't see, including a ton of custom apps behind closed doors, doing things like running major subway systems off Motif-based control GUIs.



      • #23
        Most of these issues stem from the client libraries trusting the server to send correct protocol data
        That sounds like a terrible idea. I don't think anyone should trust that what the X server sends is good at this point...

        The X.Org security team would like to take this opportunity to remind X client authors that current best practices suggest separating code that requires privileges from the GUI, to reduce the attack surface of issues like this.
        Indeed. I really hope something can be done about making more widespread use of polkit, as opposed to visual sudos. Starting with YaST.



        • #24
          Originally posted by BO$$
          People have stuff to do with the computer. They don't want to know about security issues. That is not the reason they bought it.
          Fixed that for you. Now go back to Windows, you deserve to have your machine compromised by exploits nobody knows about and even if they are known maybe Microsoft will fix them next Patch-Tuesday. Well, maybe not, but how should you know?



          • #25
            Originally posted by BO$$
            Hahaha! You don't get it do you? Why would I fix those bugs? The moment linux security turns out to be shit is the moment I'll go back to Windows. Me and a lot of people. Nobody will contribute. Just silently switch! And then you will probably understand why Windows is where it is and linux is just a toy on the desktop.
            So in other words you plan to switch from a platform with privilege elevation security problems to one with remote-code-execution security problems, one where their own software update system was exploited to send viruses? Brilliant move there.

