Phoronix: X.Org Libraries Hit By Round Of Security Issues
It was just last month that there was an X.Org Server security issue dealing with hot-plugging of input devices. Being announced today is a new round of security problems, this time multiple issues dealing with X.Org client libraries...
Don't worry about it they're geniuses, nothing to worry about. Remember that Linux is invulnerable to security issues and just move along, nothing to see here.
Feel free to fix bugs and security issues yourself, you are a programmer, feel entitled to tell others what they should work on and seem to have enough time at hand to troll around at Phoronix. So when can we see your contributions?
For this to work (from what I take it), you would also need to modify on disk binaries to do this. Furthermore, if you take all the effort of using an unprivileged X server, then why not go the last (precious) mile and run an unprivileged client as well?
I have been pondering for a while to use xscreensaver in combination with PAM to use luksSuspend and luksResume to suspend and resume my encrypted partition whenever I enable my screensaver (would be really kewl, no idea if my software appreciates that lol). That would have been the only scenario that I could think of (given that my X server is not privileged, which is (unfortunately) not the case).
OR, I could use sudo and PAM (exec) and be save! =) .
And like I said in other threads at least these vulnerabilities are being announced at all. If this was proprietary software they would have been patched in the current code, ignored in older code and never mentioned to anyone.
The only issue that was brought to my attention that I don't have a good answer for is how best to propagate patches. I mean I really don't know. Even if a fix is made, but it is not distributed then the mere announcement of this vulnerability will inform the bad guys how to get in. So propagating these security patches is critical.