X.Org's Indirect GLX State Is Frightening Researchers

  • X.Org's Indirect GLX State Is Frightening Researchers

    Phoronix: X.Org's Indirect GLX State Is Frightening Researchers

    Researchers and scientists appear up in arms this week over the state of Indirect GLX (IGLX) in the X.Org Server and the potential they'd lose the remote OpenGL rendering support they've been accustomed to using for seeing visualizations from clusters / super-computers on their workstations...

    http://www.phoronix.com/scan.php?pag...ential-Bye-Bye

  • #2
    I really don't get it. Xorg is supposedly littered with security problems and has been for over 20 years. I have never heard of a case where risks like these have actually been exploited in real-world scenarios. That isn't to say it never happened or can't, but it's definitely rare enough to not be a concern. Also, if security is what we're after, this attention should be devoted to Wayland. Xorg should just simply be maintained at this point. In my opinion, stuff like this should be kept around, assuming Wayland will never get its hands on it.
    What I also don't get is, why are they doing this now? IGLX, to my knowledge, has been around for around 8 years. Why is it suddenly now unworthy of staying? Surely people knew of its security flaws ahead of time.


    • #3
      Originally posted by schmidtbag
      [...]That isn't to say it never happened or can't, but it's definitely rare enough to not be a concern.[...]
      Just because you don't hear about something doesn't mean it's not happening all the time!


      • #4
        Originally posted by droste
        Just because you don't hear about something doesn't mean it's not happening all the time!
        If it happened all the time, Linux antimalware would be more prevalent, companies like MS would use this info as leverage against Linux (or one of the BSDs), and this "problem" would've been resolved years ago. I have yet to ever hear of solid evidence of a unix or unix-like system unwillingly being hacked because of anything regarding X.org. Again - not saying it hasn't happened, but it really is a minimal concern.


        • #5
          Originally posted by schmidtbag
          I really don't get it. Xorg is supposedly littered with security problems and has been for over 20 years. I have never heard of a case where risks like these have actually been exploited in real-world scenarios. That isn't to say it never happened or can't, but it's definitely rare enough to not be a concern. Also, if security is what we're after, this attention should be devoted to Wayland. Xorg should just simply be maintained at this point. In my opinion, stuff like this should be kept around, assuming Wayland will never get its hands on it.
          What I also don't get is, why are they doing this now? IGLX, to my knowledge, has been around for around 8 years. Why is it suddenly now unworthy of staying? Surely people knew of its security flaws ahead of time.
          Dude, what are you on about? It is just disabled by default. It is not going anywhere.


          • #6
            Originally posted by schmidtbag
            If it happened all the time, Linux antimalware would be more prevalent, companies like MS would use this info as leverage against Linux (or one of the BSDs), and this "problem" would've been resolved years ago. I have yet to ever hear of solid evidence of a unix or unix-like system unwillingly being hacked because of anything regarding X.org. Again - not saying it hasn't happened, but it really is a minimal concern.
            some logic fixes

            The term "Security" is wildly broad these days, and the same happens with terms like "Breached", "Hacked", "Widespread" and others.

            To my previous point, 10 attacks can be defined as "widespread" or "happens all the time" depending on your target (for example, exploiting 3 supercomputers is massive relative to the total number of supercomputers).

            Not all hackers target desktops; they do so with Windows desktops because it is just that easy (on Google you can find all the tools needed to make your own botnet in less than 10 minutes; it is not even a challenge these days) and relatively easy to monetize based on sheer numbers (hacker wholesale approach???).

            Hacking a Linux desktop and monetizing it takes a lot of freaking work due to its market share, quality of users and basic security features (for example, try to research how hard it is to make a Linux box part of a botnet).

            Hacking a Linux server is a hard but highly paying job, so here is where Linux security becomes important, but many businesses in this area handle classified (as IP) data, and in many cases these breaches won't make it to the public outside a very few selected security researchers and consultants.

            My point is, in security, if you assume, you lose; second, never assume outside is insecure and inside is secure, or you lose (most server-grade breaches are inside jobs, of course not all).

            Side note: antimalware, antivirus or any other plethora of Windows anti-tools would be useless in this case.

            Side note 2: this is fixed; it is named Wayland, because it cannot be fixed inside Xorg since it would violate the protocol (security in the '80s wasn't a big deal, apparently).
            Last edited by jrch2k8; 27 May 2016, 11:17 AM.


            • #7
              A lot of these X.org use cases are on internal networks where security isn't as important.


              • #8
                Originally posted by schmidtbag
                .....

                You are aware that any application can record your entire screen the entire time?


                • #9
                  Originally posted by karolherbst
                  You are aware that any application can record your entire screen the entire time?
                  Like with systemd and Wayland?
                  http://www.phoronix.com/scan.php?pag...-230-FBDEV-Woe


                  • #10
                    Originally posted by trek
                    That's a bug, and I'm not sure Wayland has a role.

                    For Xorg it's like that by design (or lack thereof) since the thing came from ancient times where this wasn't an issue.
