X11/X.Org Security In Bad Shape

An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security is 'worse than it looks.' The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprundel is available for streaming."
  • XWayland (Score:5, Informative)

    by tepples (727027) on Tuesday December 31, 2013 @07:24PM (#45833391)
    Every X11 server needs a rendering target. For some X11 servers, this is a video card. For others, it is a virtual frame buffer that gets served through X11VNC or XRDP. And on machines running Wayland, the X11 server will render to the Wayland compositor. Porting an application's GUI toolkit allows the application to bypass XWayland, but not all applications will be ported to Wayland immediately, especially proprietary software no longer under mainstream support and free software without a large enough user base. But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.
  • Broken by design (Score:4, Informative)

    by Misagon (1135) on Tuesday December 31, 2013 @08:04PM (#45833635)

    It is not as if the way X works is particularly secure to begin with. Once an app has a connection to the X server, it has full control over the world of windows, pixmaps and events on the server, including of course all other apps.

    Not that I have any faith in Wayland or Mir being any better, its developers coming from the X world in the first place, I am sure that they will make their new shiny systems vulnerable in the same ways.

  • by fikx (704101) on Wednesday January 01, 2014 @12:11AM (#45834783)
    All X11 apps "support" it...that's the beauty of X11 network functionality: apps don't HAVE to support it, it comes free.

