
Thread: X.Org Libraries Hit By Round Of Security Issues

  1. #1
    Join Date
    Jan 2007
    Posts
    14,623

    Default X.Org Libraries Hit By Round Of Security Issues

    Phoronix: X.Org Libraries Hit By Round Of Security Issues

    It was just last month that there was an X.Org Server security issue dealing with hot-plugging of input devices. Being announced today is a new round of security problems, this time multiple issues dealing with X.Org client libraries...

    http://www.phoronix.com/vr.php?view=MTM3NzU

  2. #2
    Join Date
    Jan 2008
    Posts
    299

    Default

    Big kudos to Alan for handling this. He's already patched a bunch of these and is streaming patches out for others.

  3. #3
    Join Date
    Sep 2012
    Posts
    284

    Default

    So they are still using strcpy() ?

  4. #4
    Join Date
    Jan 2013
    Posts
    1,116

    Default

    Quote Originally Posted by BO$$ View Post
    Don't worry about it they're geniuses, nothing to worry about. Remember that Linux is invulnerable to security issues and just move along, nothing to see here.
    Feel free to fix bugs and security issues yourself, you are a programmer, feel entitled to tell others what they should work on and seem to have enough time at hand to troll around at Phoronix. So when can we see your contributions?

  5. #5
    Join Date
    Dec 2012
    Posts
    457

    Default

    For this to work (from what I take it), you would also need to modify on disk binaries to do this. Furthermore, if you take all the effort of using an unprivileged X server, then why not go the last (precious) mile and run an unprivileged client as well?

    I have been pondering for a while to use xscreensaver in combination with PAM to use luksSuspend and luksResume to suspend and resume my encrypted partition whenever I enable my screensaver (would be really kewl, no idea if my software appreciates that lol). That would have been the only scenario that I could think of (given that my X server is not privileged, which is (unfortunately) not the case).

    OR, I could use sudo and PAM (exec) and be save! =) .

  6. #6
    Join Date
    Jan 2013
    Posts
    1,116

    Default

    Quote Originally Posted by BO$$ View Post
    People have stuff to do with the computer. They don't want to know about security issues. That is not the reason they bought it.
    Fixed that for you. Now go back to Windows, you deserve to have your machine compromised by exploits nobody knows about and even if they are known maybe Microsoft will fix them next Patch-Tuesday. Well, maybe not, but how should you know?

  7. #7
    Join Date
    Feb 2011
    Posts
    1,096

    Default

    Quote Originally Posted by BO$$ View Post
    Hahaha! You don't get it do you? Why would I fix those bugs? The moment linux security turns out to be shit is the moment I'll go back to Windows. Me and a lot of people. Nobody will contribute. Just silently switch! And then you will probably understand why Windows is where it is and linux is just a toy on the desktop.
    So in other words you plan to switch from a platform with privilege elevation security problems to one with remote-code-execution security problems, one where their own software update system was exploited to send viruses? Brilliant move there.

  8. #8
    Join Date
    Oct 2009
    Posts
    2,086

    Default

    Quote Originally Posted by BO$$ View Post
    Don't worry about it they're geniuses, nothing to worry about. Remember that Linux is invulnerable to security issues and just move along, nothing to see here.
    I prefer patched and patchable vulnerabilities to the only alternative. Remember that ignorance doesn't protect you.

  9. #9
    Join Date
    Dec 2012
    Posts
    457

    Default

    Quote Originally Posted by droidhacker View Post
    I prefer patched and patchable vulnerabilities to the only alternative. Remember that ignorance doesn't protect you.
    In reply to:

    Quote Originally Posted by BO$$ View Post
    Don't worry about it they're geniuses, nothing to worry about. Remember that Linux is invulnerable to security issues and just move along, nothing to see here.
    Still don't know how to interpret this...

    EDIT1: #6: Yes, I did pass English in high school. It should be 'safe' instead of 'save'. Sorry!

  10. #10
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    5,061

    Default

    I think the news here is that X has an active security team
