X.Org Hit Hard By A Large Batch Of Security Vulnerabilities


  • #21
    X.org Server should have run without superuser privileges a decade ago.

    I wonder if NSA have known about this and for how long...


    • #22
      I think most distributions still run X-server as root.

      It recently became possible to run X without root in Arch with the help of systemd-logind and using FOSS KMS drivers. However, it appears to only work if you launch the X instance from the console and doesn't yet support login managers like GDM or KDM.

      So security auditing is pretty important for X. Good thing they found this batch of security holes and patched them.


      • #23
        Nobody cared 20 years ago since they apparently knew that Linux isn't a very popular platform and with its low market share it becomes an unimportant target for hackers. (Disregarding the fact that it is one of the most popular OS among hackers to actually use, derp.)

        But now that it's growing in popularity and we have Steam Machines around the corner, this just won't do much longer. Wayland, get over here!


        • #24
          Originally posted by johnc
          Remember the days when everyone ran their PCs as one, single, root-equivalent user?
          Oh, you mean Puppy Linux users?


          • #25
            Originally posted by rabcor
            Nobody cared 20 years ago since they apparently knew that Linux isn't a very popular platform and with its low market share it becomes an unimportant target for hackers. (Disregarding the fact that it is one of the most popular OS among hackers to actually use, derp.)
            But now that it's growing in popularity and we have Steam Machines around the corner, this just won't do much longer. Wayland, get over here!
            Actually 20 years ago X was safe, as the cards back then were behind MMUs preventing access to unassigned memory.
            Then the PC stepped in, and threw all security away in X, because video cards for the PC were made without MMU.
            Then XFree was built based on the PC security (==none).
            These days security can be reintroduced thanks to IOMMUs. (Remember the hacks of the Xbox using shaders? A video card is a good attack vector.)
            Of course, X11 needs to be resecured. Maybe as a client on Wayland.
            Then we can move all security problems to Wayland.
            Still the best way to secure a system is to fall back completely to stupid framebuffers.


            • #26
              Originally posted by caligula
              Wayland would solve many of these.
              Linux will be safer only if C code would be rewritten using safer languages like Rust.


              • #27
                Originally posted by Ardje
                Actually 20 years ago X was safe, as the cards back then were behind MMUs preventing access to unassigned memory.
                Then the PC stepped in, and threw all security away in X, because video cards for the PC were made without MMU.
                Then XFree was built based on the PC security (==none).
                These days security can be reintroduced thanks to IOMMUs. (Remember the hacks of the Xbox using shaders? A video card is a good attack vector.)
                Of course, X11 needs to be resecured. Maybe as a client on Wayland.
                Then we can move all security problems to Wayland.
                Still the best way to secure a system is to fall back completely to stupid framebuffers.
                This is totally irrelevant. These security flaws are 100% on code running on the CPU, and nothing at all to do with GPUs.


                • #28
                  Originally posted by JS987
                  Linux will be safer only if C code would be rewritten using safer languages like Rust.
                  There's a hell of a lot you can do within C to avoid running into these issues.
