X.Org Could Use More Help Improving & Addressing Its Security

Those reading Phoronix over the years likely know the X.Org Server has had an increasing number of vulnerabilities come to light in recent times and statements by security researchers like the security being even worse than it looks. Given the age of the X.Org/X11 codebase and many components being rather unmaintained these days, the security situation isn't that great combined with a lack of manpower. The security topic was under the spotlight today at the XDC2021 conference.

Matthieu Herrb who has long been involved with X.Org and has been part of the barebones security team for more than a decade. He outlined their standard process in dealing with new security vulnerabilities and some other anecdotes like most vulnerabilities these days being around protocol handling bugs rather than buffer overflows. Insufficient/incorrect validation in the protocol handling and related issues have become a recurring problem for the X.Org Server code.

X.Org though is in need of more open-source developers to get involved with the security team, which is becoming harder too as there are increasingly less developers familiar with the aging X.Org code-base.

Those interested in open-source security and/or X.Org can learn more from the presentation below and this slide deck.