Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: The XMir Security Issue Should Now Be Resolved

Hybrid View

  1. #1
    Join Date
    Jan 2007
    Posts
    15,705

    Default The XMir Security Issue Should Now Be Resolved

    Phoronix: The XMir Security Issue Should Now Be Resolved

    Yesterday we passed along news of an XMir security issue where using Canonical's X11 transition layer in communicating with the Mir display server, when performing a VT switch the XMir session can still read input from devices. Fortunately, this issue looks to now be resolved...

    http://www.phoronix.com/vr.php?view=MTQ0Mzg

  2. #2
    Join Date
    Jul 2013
    Location
    USA
    Posts
    715

    Default

    Quote Originally Posted by phoronix View Post
    Phoronix: The XMir Security Issue Should Now Be Resolved

    Yesterday we passed along news of an XMir security issue where using Canonical's X11 transition layer in communicating with the Mir display server, when performing a VT switch the XMir session can still read input from devices. Fortunately, this issue looks to now be resolved...

    http://www.phoronix.com/vr.php?view=MTQ0Mzg
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

    well the Unity Lens AD's has porn in it too but oh well any one know if they fixed it?
    http://mindaict.blogspot.com/2012/09...l#.UhfY-6yP-PI

  3. #3
    Join Date
    Aug 2012
    Posts
    526

    Default

    If you were looking for porn, then one would call that a feature (shifty eyes).

    There is a built in way to turn amazon search off, btw.

  4. #4
    Join Date
    Apr 2013
    Posts
    221

    Default what the problem?

    Quote Originally Posted by LinuxGamer View Post
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

    well the Unity Lens AD's has porn in it too but oh well any one know if they fixed it?
    http://mindaict.blogspot.com/2012/09...l#.UhfY-6yP-PI
    you don t see porno when you are a child? lol

    ppl try everything, go out and live your life and stop with stupid things

  5. #5
    Join Date
    Jan 2011
    Posts
    1,287

    Default

    Quote Originally Posted by Andrecorreia View Post
    you don t see porno when you are a child? lol

    ppl try everything, go out and live your life and stop with stupid things
    Weren't you supposed to leave Phoronix forever, because Michael said it was good news Xubuntu won't use XMir on 13.10?

  6. #6
    Join Date
    Apr 2011
    Posts
    114

    Default

    This is still broken as of revision 1007, presumably because corresponding code needs to land in Xmir.

  7. #7
    Join Date
    Jan 2011
    Posts
    1,287

    Default

    Quote Originally Posted by mjg59 View Post
    This is still broken as of revision 1007, presumably because corresponding code needs to land in Xmir.
    Wait at least a few days, it's probably in the staging PPA right now.

  8. #8
    Join Date
    May 2011
    Posts
    11

    Default

    [QUOTE=LinuxGamer;352835]"Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

    --snip

    This software is not currently enabled in any distributed version of Ubuntu. So no. Its not a "shame" Is it a shame that the CONFIG_PERF_EVENTS MASSIVE hole was left in the Linux kernel for 2 whole years and distributed to world+dog and when they supposedly "patched" the gaping hole 4 months ago they failed to mention the criticality of this bug? is that a "shame"?

  9. #9
    Join Date
    Jul 2013
    Location
    USA
    Posts
    715

    Default

    [QUOTE=andydread;352868]
    Quote Originally Posted by LinuxGamer View Post
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

    --snip

    This software is not currently enabled in any distributed version of Ubuntu. So no. Its not a "shame" Is it a shame that the CONFIG_PERF_EVENTS MASSIVE hole was left in the Linux kernel for 2 whole years and distributed to world+dog and when they supposedly "patched" the gaping hole 4 months ago they failed to mention the criticality of this bug? is that a "shame"?
    Yes it was and You had to compile the kernel with the CONFIG_PERF_EVENTS and it was well known by Developers/Hackers you can use unsafe flags today to compile the kernel or BSD and you don't want Noob's Jumpping in to Testing Unsafe Software remember the Mir wiki is miss leading in this case to newb's

  10. #10
    Join Date
    Aug 2008
    Location
    Netherlands
    Posts
    290

    Default No thanks

    Quote Originally Posted by LinuxGamer View Post
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time
    Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

    because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •