X.Org Server No Longer Allowing Byte-Swapped Clients By Default

Written by Michael Larabel in X.Org on 6 January 2023 at 06:05 AM EST. 28 Comments
Following the recent discussions around Fedora planning to disable byte swapped clients support for the X.Org Server in order to close another "large attack surface" with the aging X11 server codebase, the upstream X.Org Server has now dropped this support by default.

The upstream X.Org Server with its next release will no longer allow byte-swapped clients by default -- the behavior though can be overrode with a new option. This "byte swapped clients" functionality is around X.Org/XWayland clients of difference CPU endianness from connecting to the X.Org Server. Protocol messages to/from the clients can be byte-swapped by the X.Org Server but that code isn't actively maintained and known to be a large attack surface for malicious clients. Given different CPU endianess isn't too common these days and even less so these days for people using remote X11, besides some on x86_64 systems still using IBM s390x or PowerPC 64-bit for remote X11 use of graphical applications, this default change shouldn't affect many people. But this is a win for being a security improvement to the xorg-server.

If you do find a need for say a big endian X11 client to connect to a little endian X.Org Server, the "+byteswappedclients" command line option can be used with the new X.Org Server to allow the byte swapped clients or via the "AllowByteSwappedClients" xorg.conf option.

The change has been merged in the upstream xserver Git. Red Hat's Peter Hutterer has written more about this change. While it's now found in Git, he acknowledges that it's not immediately known when it will propagate into a released X.Org Server given the lack of coordinated releases these days of the project:
"There's no specific plan yet which X releases this will end up in, primarily because the release cycle for X is...undefined. Probably xserver-23.0 if and when that happens. It'll probably find its way into the xwayland-23.0 release, if and when that happens. Meanwhile, distributions interested in this particular change should consider backporting it to their X server version."
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week