X.Org Could Use More Help Improving & Addressing Its Security

Written by Michael Larabel in X.Org on 16 September 2021 at 04:10 PM EDT. 133 Comments
X.ORG
Those reading Phoronix over the years likely know the X.Org Server has had an increasing number of vulnerabilities come to light in recent times and statements by security researchers like the security being even worse than it looks. Given the age of the X.Org/X11 codebase and many components being rather unmaintained these days, the security situation isn't that great combined with a lack of manpower. The security topic was under the spotlight today at the XDC2021 conference.

Matthieu Herrb who has long been involved with X.Org and has been part of the barebones security team for more than a decade. He outlined their standard process in dealing with new security vulnerabilities and some other anecdotes like most vulnerabilities these days being around protocol handling bugs rather than buffer overflows. Insufficient/incorrect validation in the protocol handling and related issues have become a recurring problem for the X.Org Server code.


X.Org though is in need of more open-source developers to get involved with the security team, which is becoming harder too as there are increasingly less developers familiar with the aging X.Org code-base.

Those interested in open-source security and/or X.Org can learn more from the presentation below and this slide deck.

133 Comments
Related News
xcompmgr 1.1.10 Released For Classic "Eye Candy" Compositor On X.Org
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years
It's Taken Until 2024 To Add FreeBSD To X.Org Continuous Integration Testing
libX11 1.8.10 Brings Memory Safety Fixes
X.Org Testing Ground Expands Its Scope To Illumos/OpenIndiana
X.Org Server Patches Look To Cleanup VRR Handling, Make It Xinerama-Aware
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
Rustls Multi-Threaded Performance Is Battering OpenSSL
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd