Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (phoronix.com) 43
Phoronix's Michael Larabel reports: CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.
This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH. You can read the security advisory announcement here.
This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH. You can read the security advisory announcement here.
Consider this. (Score:5, Insightful)
If this is kind of thing has lurked in a widely reviewed codebase for 18 years, how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?
Re: Consider this. (Score:3)
Re: (Score:3, Insightful)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
'Cause new code is never kludgy ...
Re: (Score:2)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
'Cause new code is never kludgy ...
Of course not. New is always better [youtube.com].
Re: (Score:2)
Damn. He sold me.
Re: (Score:2)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
'Cause new code is never kludgy ...
Of course not. New is always better [youtube.com].
[*smacks forehead*] Detailed, iron-clad logic to be sure. :-)
Re: (Score:2)
Laughs in OpenBSD.
Re: (Score:2)
I have to agree, xorg code was many many many layers of hacks to "make it work". Yes new code can be kludgy. But xorg code is a few decades of it.
Closed drivers, new unanticpated archtectures, movement of exacutable able code between the CPU and devices over time. And always a rush to get it to work.
But hey they did get it to work. And work well actually. I'm more than impressed that xorg has done what's its done. And it will for probably a couple of decades more. Wayland wouldn't exist without X
Re: Consider this. (Score:1)
So they invented kludgey by design. Want screen capture, not secure by design, want screen lock/savers, who needs that!, I just want a window manager, hereâ(TM)s 15 of them with various different opinions on security and how to implement the Wayland protocol and 75% are tiling (Windows 1.0 called).
Re: Consider this. (Score:4, Funny)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
We're not talking about systemd, so stop talking about systemd.
Re: (Score:3)
Re: (Score:2)
Re: Consider this. (Score:1)
X11 doesnâ(TM)t need to run as root, only the login system needs to (because it has to be able to spawn something as the user) and with tools like SELinux or containers, that would still give very limited access even if successfully exploited. The problem with Wayland is that it is not entirely understood yet what you need for a functioning system, so SELinux definitions are overly broad or ill defined, running Wayland in a container is rather disastrous because of required access to (2D/3D) accelerati
Re: (Score:2)
It's actually WELL KNOWN that Xorg has horrible memory management, it crashes all the time if you give it a bitmap that is too big. This isn't news at all. Everybody knows it leaks memory, that's one of the reasons for replacing that ancient pile of crud
Re: (Score:3)
Widely reviewed? Have you looked at it? It's so awful even the hackers trying to exploit the flaws can't figure out where the memory leak is
Re: Consider this. (Score:2)
Oh whatever. I remember about 15 years ago I had to make something work with X and it took me all of a week or two of casual hacking to make it happen.
Same as any pile of code: sit down, coffee up, trace it out.
Re: (Score:3)
how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?
Considering the codebase of Wayland is orders of magnitude simpler even if you don't count the many additional libraries for X.org, chances are not as long.
Also I really hope you're not reading this on a modern device or a modern OS. I hear programmers programmed those and there may be bugs in it. Be afraid my man. Those coding types can't be trusted. /s
Re: (Score:2)
Considering the codebase of Wayland is orders of magnitude simpler
What is your source for this information? Have you looked at the codebases? It sounds like you're making shit up.
Re: (Score:1)
What is your source for this information? Have you looked at the codebases? It sounds like you're making shit up.
Everything sounds made up when it doesn't agree with an ignorant preconception. You can google the size of the code base of each. X is one order of magnitude larger than Wayland excluding the libraries, and 2 orders of magnitude including libraries.
By the way why do you at all think that this wouldn't be the case? You're literally comparing something which has been under continuous development and expansion for 40 years to something that was conceived 16 years ago and didn't get steam until the past decade.
Re: (Score:2)
Re: (Score:2)
> widely reviewed codebase
[citation needed]
Just because the code is available doesn't mean that people are actually looking at it.
Re: (Score:2)
Wayland can not get here soon enough (Score:2)
Not only Xfree86 (to distingish it from the plaform formerly known as Twitter) has a creacking and archaic codebase, it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals). Yes, we lose some mighty powerfull features along the way, But I trust that the returns (mainly in performance and ease of maintenance) will outweight the lost features...
Anywho, again, Wayland can not get here soon enough.
Re: (Score:3, Insightful)
it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals).
I disagree. It not being "modern" does not imply it not being a good option.
Re: Wayland can not get here soon enough (Score:1)
Donâ(TM)t worry, it has been âoeon its wayâ for 16 years now.
Re: (Score:2)
smart devices instead of dumb graphic terminals
Have you met the internet? What about 'cloud services'?
Most of your 'smart devices' are sending all your input data to a server which is processed and then sent back to a dumb display... Exactly what X11/XFree86/Xorg was designed to do.
Not that big an issue (Score:2)
It requires a computer with X11 and users not also having root. That is not that common a set-up. Obviously, it exists.
Re: (Score:2)
Wasn't this known about? (Score:2)
I swear this has been a known attack vector for a long time. When I took my CEH back in 2010'ish, my sans instructor was talking about using malicious images to take over linux gui's.
Re: (Score:2)
That's not about images, LOL.
Xkb is the keyboard + mouse handling code, and the "compat map" is some overcomplicated, misdesigned data structure used to define key combinations and the actions they should trigger.
How is XWayland affected? (Score:3)
I don't think XWayland runs as root. How is it affected by this privilege escalation?
Re: (Score:3)
Reading the article, it's not affected by privilege escalation, but if you ran a malicious program via X11 over ssh, then it could get XWayland to run arbitrary code as your user. Technically remotely exploitable.
Re: (Score:2)
Quite often, neither does X.Org
Re: (Score:1)
I don't think XWayland runs as root. How is it affected by this privilege escalation?
IF (run as root)
THEN privilege escalation to root
ELSE no one said "privilege escalation" in this else clause
Don't forget that way back XFree started out in a way that the server had to run as root as for most drivers there were no provisions to access the video hardware without it.
Xorg started out in a way that window manager/desktop environments had to run their login screens as root in the same way gettys and sshd did.
It took awhile to get to a more granular permissions system to allow all those tasks in
Switching to Rust will solve everything (Score:2)
Or at least so I'm told.
The only problem with Wayland is... (Score:3)
The only problem with Wayland for me at this time is it doesn’t take networks seriously.
Network transparency is an important feature of increasingly modern OS design. We are not there yet in many ways, I doubt Windows will even manage to get started, but X11 has.
Plan 9 did it amazingly.
No, VNC and RDP are not alternatives. I have X clients running on machines that have no Xserver installed to even run an RDP of VNC daemon, I'm not installing Wayland on headless machines and setting up a RDP server just for the sake of being able to run a config program for a product that expects to connect to an X Server, that naturally isn’t there, and can’t be there.
The XServer is running on the machines at work, and no, it’s not just us IT admins doing it. Our users run X aware code and suites on the cluster and routinely use (on windows) Xming or X11 support in WSL2. This is their day job.
If Wayland as a design had the ability to use remote displays, even if much of that work was placed on the compositor which is very likely, then I'd probably switch simply for the smaller codebase. Assuming we have updated versions of the software suites that can use it obviously.
However, the development of Wayland, in a networked world is quite oddly against the network. The developer said they were simply keeping out of it leaving it to be implemented, and re-implemented by compositors. Basically encouraging not one standard, but a whole mess of standards. The developer also keeps confusing network transparency with RDP and VNC. I don’t see how sending an image of a whole desktop can be confused with sending the UI elements of a single application. How hard is it to realise that sending whole images of desktops around is so 2000's windows, us Linux users ditched things like VNC years ago just like we all got used to virtual desktops way before MS thought they would be nice to add. I only use remote desktop protocols at work where it's all windows servers etc and it's just as clunky now as it was back then.
Why would anyone want that on Linux? It's nuts.
Now we do have a project called "waypipe" that could offer some klugey solution. However, it's early days yet.
Till then Wayland is just an in-development X11 alternative for local programs on a local machine. Having to go back in time with VNC just to use this supposedly modern X11 replacement is just, odd.
It’s just like being made to go back to using FTP instead of SFTP, or telnet instead of SSH or even better, RS232 and null-modem cables! And yes, even I today have relied on RS232 serial console access but it’s only as the last resort.
Till Wayland gets (or is given) standard network support, or can support something like waypipe properly to implement network transparency it has very little utility outside of a personal laptop.
Where I work we run CAD software over the network transparently using X11. You can’t beat it.
Re: (Score:2)
Additional:
Wayland is also obsolete by design due to this.
Plan 9 already solved the problem. Use the 9P protocol, implement that. This "problem" of replacing X has already been done, and in a way that wipes the floor with wayland.
Re: (Score:2)
Well the thing is, though, that tunneling X11 over ssh still works great on Wayland, thanks to Xwayland. For 99% of all use cases, it's done so transparently you won't even notice. As long as X11 as a protocol is still supported by application toolkits this will continue to work as it always has. So no fear. Your CAD software will still work if you switch your desktop to Wayland.
I've been using KDE with Wayland for quite a while now and for the most part it works fine. I run apps over ssh all the time.