X11/X.Org Security In Bad Shape - Slashdot

Slashdot

X11/X.Org Security In Bad Shape 179

Posted by Soulskill on Tuesday December 31, 2013 @07:05PM
from the i-blame-the-schools dept.

An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security with being 'worse than it looks.' The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprunde is available for streaming."

This discussion has been archived. No new comments can be posted.

X11/X.Org Security In Bad Shape

Search 179 Comments Log In/Create an Account

Comments Filter:

XWayland (Score:5, Informative)

by tepples (727027) writes: <tepples@@@gmail...com> on Tuesday December 31, 2013 @07:24PM (#45833391) Homepage Journal

Every X11 server needs a rendering target. For some X11 servers, this is a video card. For others, it is a virtual frame buffer that gets served through X11VNC or XRDP. And on machines running Wayland, the X11 server will render to the Wayland compositor [freedesktop.org]. Porting an application's GUI toolkit allows the application to bypass XWayland, but not all applications will be ported to Wayland immediately, especially proprietary software no longer under mainstream support and free software without a large enough user base. But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.

Parent Share
twitter facebook linkedin
Broken by design (Score:4, Informative)

by Misagon (1135) writes: on Tuesday December 31, 2013 @08:04PM (#45833635)

It is not the way X works is particularly secure to begin with. Once an app has a connection to the X server, it has full control over the world of window, pixmaps and events on the server including of course all other apps.
Not that I have any faith in Wayland or Mir being any better, its developers coming from the X world in the first place, I am sure that they will make their new shiny systems vulnerable in the same ways.

Share
twitter facebook linkedin
Re:Fucking kill it already (Score:4, Informative)

by fikx (704101) writes: on Wednesday January 01, 2014 @12:11AM (#45834783) Journal

All X11 apps "support" it...that's the beauty of X11 network functionality: apps don't HAVE to support it, it comes free.

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

847 commentsMicrosoft's Attempt To Convert Users From Windows XP Backfires
566 commentsAsk Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?
387 commentsAuthor Says It's Time To Stop Glorifying Hackers
384 commentsAsk Slashdot: How Do You To Tell Your Client That His "Expert" Is an Idiot?
264 commentsRouters Pose Biggest Security Threat To Home Networks

The greatest productive force is human selfishness. -- Robert Heinlein