X.Org Could Use More Help Improving & Addressing Its Security

Written by Michael Larabel in X.Org on 16 September 2021 at 04:10 PM EDT.

Those reading Phoronix over the years likely know that the X.Org Server has had an increasing number of vulnerabilities come to light in recent times, along with statements by security researchers such as the security being even worse than it looks. Given the age of the X.Org/X11 codebase and many components being rather unmaintained these days, the security situation isn't that great, and it is compounded by a lack of manpower. The security topic was under the spotlight today at the XDC2021 conference.

Matthieu Herrb has long been involved with X.Org and has been part of the barebones security team for more than a decade. He outlined their standard process for dealing with new security vulnerabilities and shared some other anecdotes, such as most vulnerabilities these days involving protocol handling bugs rather than buffer overflows. Insufficient or incorrect validation in the protocol handling, and related issues, have become a recurring problem for the X.Org Server code.

X.Org, though, is in need of more open-source developers to get involved with the security team, which is becoming harder too, as there are increasingly fewer developers familiar with the aging X.Org codebase.

Those interested in open-source security and/or X.Org can learn more from the presentation below and this slide deck.
