
Thread: X.Org Libraries Hit By Round Of Security Issues

  1. #21
    Join Date
    Jul 2010
    Posts
    449

    Default

    Quote Originally Posted by varikonniemi View Post
    Somewhat of a lacking analogy, since gasoline cars can not be run on electricity just by "figuring out an e->g converter". X on wayland is working pretty well in this day and age. Imagine what it could have been already, if wayland actually had a team of dedicated developers opposed to a few talents making it happen?
    You weren't talking about running X on Wayland, you mentioned killing X with fire in one sentence and replacing it in the next. The trouble with putting more people on Wayland is that X development/maintenance would suffer; imagine being told (of a bug in X): "We're not fixing that, you need to leave X and run Wayland instead".

  2. #22
    Join Date
    Feb 2008
    Location
    California
    Posts
    79

    Default

    Quote Originally Posted by varikonniemi View Post
    X on wayland is working pretty well in this day and age.
    And using the exact same set of X libraries that we just fixed all these bugs in. You can't be rid of the X client libraries without being rid of every existing program using them. And for every X program in your distro's package repository there's dozens more you don't see, including a ton of custom apps behind closed doors, doing things like running major subway systems off Motif-based control GUIs.

  3. #23
    Join Date
    Sep 2008
    Location
    Vilnius, Lithuania
    Posts
    2,636

    Default

    Most of these issues stem from the client libraries trusting the server to send correct protocol data
    That sounds like a terrible idea. I don't think anyone should trust that what the X server sends is good at this point...

    The X.Org security team would like to take this opportunity to remind X client authors that current best practices suggest separating code that requires privileges from the GUI, to reduce the attack surface of issues like this.
    Indeed. I really hope something can be done about making more widespread use of polkit, as opposed to visual sudos. Starting with YaST.

  4. #24
    Join Date
    Jan 2013
    Posts
    1,116

    Default

    Quote Originally Posted by BO$$ View Post
    People have stuff to do with the computer. They don't want to know about security issues. That is not the reason they bought it.
    Fixed that for you. Now go back to Windows, you deserve to have your machine compromised by exploits nobody knows about and even if they are known maybe Microsoft will fix them next Patch-Tuesday. Well, maybe not, but how should you know?

  5. #25
    Join Date
    Feb 2011
    Posts
    1,299

    Default

    Quote Originally Posted by BO$$ View Post
    Hahaha! You don't get it do you? Why would I fix those bugs? The moment linux security turns out to be shit is the moment I'll go back to Windows. Me and a lot of people. Nobody will contribute. Just silently switch! And then you will probably understand why Windows is where it is and linux is just a toy on the desktop.
    So in other words you plan to switch from a platform with privilege elevation security problems to one with remote-code-execution security problems, one where their own software update system was exploited to send viruses? Brilliant move there.
