X.Org Could Use More Help Improving & Addressing Its Security

Written by Michael Larabel in X.Org on 16 September 2021 at 04:10 PM EDT. 133 Comments
X.ORG
Those reading Phoronix over the years likely know the X.Org Server has had an increasing number of vulnerabilities come to light in recent times and statements by security researchers like the security being even worse than it looks. Given the age of the X.Org/X11 codebase and many components being rather unmaintained these days, the security situation isn't that great combined with a lack of manpower. The security topic was under the spotlight today at the XDC2021 conference.

Matthieu Herrb who has long been involved with X.Org and has been part of the barebones security team for more than a decade. He outlined their standard process in dealing with new security vulnerabilities and some other anecdotes like most vulnerabilities these days being around protocol handling bugs rather than buffer overflows. Insufficient/incorrect validation in the protocol handling and related issues have become a recurring problem for the X.Org Server code.


X.Org though is in need of more open-source developers to get involved with the security team, which is becoming harder too as there are increasingly less developers familiar with the aging X.Org code-base.

Those interested in open-source security and/or X.Org can learn more from the presentation below and this slide deck.

133 Comments
Related News
VMware & QXL X.Org Video Drivers See New Updates After Several Years
NVIDIA Contributes linux_dmabuf v4 Feedback Support To XWayland
GNOME's Mutter Adds Support For Toggling Byte-Swapped XWayland Clients
X.Org Server No Longer Allowing Byte-Swapped Clients By Default
X11 Server Development Pace Hits A Two Decade Low
xf86-video-modesetting TearFree Page-Flipping Merged
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Firefox 109 vs. Chrome 109 Browser Benchmarks On Ubuntu Linux + Core i9 13900K
Wine 8.0 Released With PE Conversion Complete, Progress On WoW64 Support
Canonical Promotes Ubuntu Pro To General Availability
AMD Zen 4 SMBA & BMEC Features Still Working Their Way To The Linux Kernel
MPV Player 0.35.1 Released With Wayland & PipeWire Fixes
Mesa 22.3.4 Brings Fix For RADV RT Build Performance To Match AMDVLK/AMDGPU-PRO
Microsoft Releases WinGet 1.4 For Improving Its Open-Source Package Manager
PipeWire 0.3.65 Adds New Combine-Stream Module, Bluetooth MIDI