Slashdot Mirror


X11/X.Org Security In Bad Shape

An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security with being 'worse than it looks.' The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprundel is available for streaming."

179 comments

  1. Is X security really a problem? by Anonymous Coward · · Score: 4, Interesting

    Aren't we going to replace it with Wayland or something really soon?

    1. Re:Is X security really a problem? by Anonymous Coward · · Score: 0

      explains how X11 Server security with being 'worse than it looks.

      What the fuck is this even supposed to mean?

    2. Re:Is X security really a problem? by fnj · · Score: 2

      Aren't we going to replace it with Wayland or something really soon?

      What do you mean "we", kemosabe?

    3. Re:Is X security really a problem? by binarylarry · · Score: 0

      Maybe they're using TWM and it's a pun?

      --
      Mod me down, my New Earth Global Warmingist friends!
    4. Re:Is X security really a problem? by jhol13 · · Score: 1

      Even if we do, what on earth makes you think Wayland is even a bit better?

    5. Re: Is X security really a problem? by Anonymous Coward · · Score: 0

      It's new! It's hot! It comes from the Gnome crowd! It requires systemd! Gnome depends on systemd! KDE depends soon on system! You must have it! It's soo h4wt!

    6. Re:Is X security really a problem? by npcole · · Score: 1

      Wayland is Linux only, isn't it? What about all those other places that run X.org?

    7. Re: Is X security really a problem? by Anonymous Coward · · Score: 1

      Wayland is from the original creators of X11 and current developers of X11. They all hate X11 and refuse to work on it. If you like X11 so much, you work on it.

      Not to mention that X11 simply can't do some things that are now a requirement. If X11 can't work on cell phones and tablets, then it's broken. One of the original 20+ year developers was talking about how X11 can't even do some simple things, like NOT TEARING. This simple feature can't be implemented without breaking X11.

    8. Re:Is X security really a problem? by cboslin · · Score: 1

      Wayland is Linux only, isn't it? What about all those other places that run X.org?

      Only certain versions of Linux, Wayland breaks other distros (versions) of Linux unfortunately, thus it's only a very limited solution at best.

    9. Re: Is X security really a problem? by Anonymous Coward · · Score: 0

      This simple feature can't be implemented without breaking X11.

      Wrong, this can be implemented by separating the rendering back-end from the x11 protocol front-end. Which is exactly what they are doing with the wayland back-end and the x11 front-end on top of it. Now once you have this separation and you don't need the x11 feature, why not talk directly to the back-end and gain in efficiency? This is exactly what is being done with the gui toolkit.

      TLDR: You are an idiot that don't know shit about computer. Fuck you.

  2. ANOTHER Phoronix post? by gcore · · Score: 0, Troll

    Jesus christ. ANOTHER Phoronix post? Isn't this news for nerds - stuff that MATTERS? Phoronix is a link farm where very few posts matter.

    1. Re:ANOTHER Phoronix post? by Anonymous Coward · · Score: 1

      You must be new here. Nothing on Slashdot matters, including the people and the comments.

    2. Re:ANOTHER Phoronix post? by Anaerin · · Score: 5, Insightful

      I'm sorry. You were complaining about a news (Yes, news) story about a talk from CCC (Which is highly popular with, and immensely relevant for, nerds), posted on Phoronix (A website that devotes itself almost entirely to information, news and reviews on hardware and software from a Linux-based perspective), about a lot (120+) of security holes (Things that matter) in the X11/X.org servers (Which are the basis for (almost) all GUI-driven applications in Linux, *BSD and some of OSX).

      By my count, that makes this story "News", "For Nerds", and "Stuff that matters". Oh, and the irony in posting that Phoronix is a "Link Farm" on /. is almost entirely palpable.

    3. Re:ANOTHER Phoronix post? by epyT-R · · Score: 0

      Oh, what are we supposed to care about then? What the masses do? ..and what's that? What's up with the latest dick miley cyrus is fucking?

    4. Re:ANOTHER Phoronix post? by reikae · · Score: 1

      You're correct of course, nothing on Earth really matters. We all will die eventually and the whole universe may (will?) be gone one day. Luckily I can mostly forget that and get excited about little things that don't really matter.

    5. Re:ANOTHER Phoronix post? by Anonymous Coward · · Score: 0

      I think he's referring to Phoronix being the useless middleman in the news. Just link to the original article, meaning the CCC talk. Phoronix only has a redundant abstract and lots of in-phoronix links to previous news and finally, hidden somewhere, a link to the real article.

    6. Re:ANOTHER Phoronix post? by Anonymous Coward · · Score: 0

      Who the fuck reads the article anyway? They might as well link to two girls one cup (NSFW--or anywhere else for that matter). I didn't even bother reading the summary. This is normal behavior for /. Three words (or less) from the headline forms the basis of all discussion.

      God I hate newbies on /. It's like I have to splain everything to them. AND DON'T GIVE ME THAT NONSENSE ABOUT HIS NUMBER BEING LOWER THAN MINE! HE MUST HAVE EBAYED IT. awfuckitall I'm gonna click AC anyway. Thanks for the chips.

  3. The process by ebonum · · Score: 2

    This is a good thing. This is the way it is supposed to work. This is how things get better. A little late, but it's good to see this happening.

    1. Re:The process by dasunt · · Score: 4, Insightful

      This is a good thing. This is the way it is supposed to work. This is how things get better. A little late, but it's good to see this happening.

      No. I think it's time to throw X out. We'll make a new implementation, complete with everything I use (we'll plan to add stuff you want later), with all new code, because new code never has any security holes!

    2. Re:The process by jhol13 · · Score: 1

      I do not believe that (things are getting better).
      I would be really surprised if the real number of holes is going down significantly, the developers are making holes at the same time as these guys are finding them. Perhaps this temporarily gets the hole count down, but after five years the situation will be the same.

      The OSS "mind" has been, for 20 years, "a fixed hole is a good thing". Why on earth would it suddenly change to "do not make new holes"?

    3. Re:The process by VortexCortex · · Score: 1

      To be fair, code rarely contains security holes. It's the instructions you have to worry about.

    4. Re:The process by MikeBabcock · · Score: 1

      ... and is always API and binary compatible with all the existing software out there ;-)

      --
      - Michael T. Babcock (Yes, I blog)
    5. Re:The process by Anonymous Coward · · Score: 0

      No. I think it's time to throw X out. We'll make a new implementation, complete with everything I use (we'll plan to add stuff you want later), with all new code, because new code never has any security holes!

      You're absolutely right. Developers should volunteer their time maintaining decrepit, bug-ridden code, and loads of features they don't even need.

      Fucking idiot.

  4. XWayland by tepples · · Score: 4, Informative

    Every X11 server needs a rendering target. For some X11 servers, this is a video card. For others, it is a virtual frame buffer that gets served through X11VNC or XRDP. And on machines running Wayland, the X11 server will render to the Wayland compositor. Porting an application's GUI toolkit allows the application to bypass XWayland, but not all applications will be ported to Wayland immediately, especially proprietary software no longer under mainstream support and free software without a large enough user base. But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.

    1. Re:XWayland by Anonymous Coward · · Score: 1

      So, thanks to a gratuitous API change, legacy systems without "Wayland" can no longer support newer versions of software.

      Anyway, fine-grained security is overrated. EVERYTHING sufficiently complex will have at least one nasty hole in it, and one or a hundred come to the same thing. Block whole protocols from the unwashed masses, and know that internally you're at the mercy of any sufficiently determined rogue, so Treat Your Friends Well.

      Or engage in an endless arms race. That always works out great.

    2. Re:XWayland by girlintraining · · Score: 1

      But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.

      The flaw in this statement is beyond biblical proportions, and in fact extends into the patently absurd domain of Hollywood proportions. Its non-digital counterpart is referenced in #63 of the Evil Overlord List: "Bulk trash will be disposed of in incinerators, not compactors. And they will be kept hot, with none of that nonsense about flames going through accessible tunnels at predictable intervals."

      You're suggesting that only having a vulnerability present at certain times mitigates the risk. It does not.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:XWayland by Anonymous Coward · · Score: 1

      Since Wayland is another freedesktop.org project, it will no doubt be integrated into systemd over the next year. What else can be integrated into systemd... how about ssh?

    4. Re:XWayland by tepples · · Score: 2

      So, thanks to a gratuitous API change, legacy systems without "Wayland" can no longer support newer versions of software.

      GUI toolkits will likely continue to support both X11 and Wayland backends, just as many currently support X11, Win32, and Quartz backends.

    5. Re:XWayland by jbolden · · Score: 1

      First off, those kits don't run so well under Quartz or Win32. It is off and on but the support is iffy. I suspect that with X11 the support will be better but the feature set of Wayland fits the mainstream GUIs better. So what I would guess is that the X11 version doesn't get maintained much hence buggy, and is slow.

    6. Re:XWayland by thegarbz · · Score: 2

      As a matter of interest don't applications just use toolkits like GTK or QT to render an interface? Can't just the toolkits be ported to Wayland with minimal change to the app?

      Are we talking about a re-write to make an app Wayland compatible, or a few minor changes and a recompile?

    7. Re:XWayland by tepples · · Score: 1
      We're talking about 1. porting the toolkits and 2. porting the applications to the latest versions of the toolkits. Step 2 can be a few minor changes, recompile, and run through the project's acceptance testing procedure. Or it can be far more involved if any of the following are true:
      • The application currently uses a toolkit that won't be ported to Wayland. Among X11 toolkits, Qt and GTK+ will be ported, but many others won't.
      • The application currently uses an old major version of a toolkit. Applications that depend on old GTK+ or old Qt will first have to be ported to a version of the toolkit that supports Wayland.
      • The application is proprietary and no longer under mainstream support.
    8. Re: XWayland by Anonymous Coward · · Score: 0

      While you may be right in general, Qt works splendidly on Win32.

    9. Re:XWayland by F.Ultra · · Score: 1

      Step 2 can also be "do nothing" since the toolkits can implement support for Wayland without changing the major version of the toolkit so the application can link to the very same .so as it did before. Also the user might run XWayland and then even the old X11-only toolkits will work out of the box.

    10. Re:XWayland by tepples · · Score: 1

      the toolkits can implement support for Wayland without changing the major version of the toolkit

      This is true provided that a particular major version of a toolkit is still in mainstream support. Consider what happens if, for example, GTK+ 3 gets ported to Wayland but GTK+ 2 does not. In that case, GTK+ 2 applications that aren't ported to GTK+ 3 will need to run in XWayland.

      Also the user might run XWayland and then even the old X11-only toolkits will work out of the box.

      Previous stories about Wayland have attracted comments to the effect "if most of your apps will be running in XWayland, why even switch to Wayland in the first place?" and I was trying to word my comment to avoid the train of thought that leads there.

    11. Re: XWayland by Anonymous Coward · · Score: 2, Interesting

      To my surprise I raise the following question!

      The same people who worked on X Org are working on Wayland now!

      These people removed a couple of hundred thousand lines of code from X Org.
      They refactored the code.
      They cleaned the code.
      They think they know what they were doing.

      How can we trust them to be successful with Wayland?

    12. Re: XWayland by epyT-R · · Score: 1

      ..with a ~50MB overhead..and lack of integration with the rest of the system.

    13. Re:XWayland by dbIII · · Score: 2

      That's right. An upgrade from a complex network aware system with lots of places for bugs to hide to a simple dumb framebuffer where there are less places for bugs to hide. That's fine so long as a simple dumb frame is all you need and so long as it doesn't have lots of places to hide in bits designed to do shiny 3D things thrown together quickly without considering security at all.

      Come on now people, let's consider this seriously instead of the silly name calling. Who in Wayland is even thinking about doing it as a secure system yet? I hope that's the way it goes but it's not happening this early in the project. What is it with all these "X sux for a problem that Wayland hasn't even considered yet but will sort out someday" posts?

    14. Re: XWayland by Anonymous Coward · · Score: 1

      I'm not a fan of Wayland, but if we assume they are all wonderful, perfect developers, it could be that they inherited the mess that is X, tried to fix it up, and then at some point threw up their hands and said "This shit is just too fucked, we need a full rewrite" - and thus Wayland. I don't think this team is the same group of people that wrote X in the first place.

    15. Re:XWayland by thegarbz · · Score: 1

      Previous stories about Wayland have attracted comments to the effect "if most of your apps will be running in XWayland, why even switch to Wayland in the first place?" and I was trying to word my comment to avoid the train of thought that leads there.

      If people don't realise that a sudden system wide change that breaks all applications is bad without an emulation layer for transition I don't think they can meaningfully participate in any conversation about change.

      Ask them how they propose the change to IPv6 if they are so clever.

    16. Re: XWayland by Anonymous Coward · · Score: 0

      I don't think this team is the same group of people that wrote X in the first place.

      Actually, it is, mostly. The people who dislike X the most are the people who have been working on it for the past 25+ years.

    17. Re: XWayland by jbolden · · Score: 1

      1) Qt may work well, but KDE does not and razor-qt doesn't even try.
      2) Qt works as well on Windows compared to other cross platform kits. It doesn't even support all of Windows though digia is doing a nice job.

    18. Re:XWayland by Anonymous Coward · · Score: 0

      "Who in Wayland is even thinking about doing it as a secure system yet? I hope that's the way it goes but it's not happening this early in the project. What is it with all these "X sux for a problem that Wayland hasn't even considered yet but will sort out someday" posts?"

      Someone mod this guy up. At least when X provides the primitives there's an option of standardized support and security built into the window system. It also simplifies the application implementation by providing a standard library of tools to use. Now if X had been updated and upgraded like it should have been....

      celle

      PS. What's being lost is the uniqueness of the X solution. Other operating systems have bitmap graphics, go use them.
      Yes, X11 should've been retired ten years ago (at least) by X12, funny that didn't happen. It's still due for retirement, but Wayland isn't it.

      cap thorns

    19. Re: XWayland by Anonymous Coward · · Score: 1

      The X.Org dudes started with a craptacular mess that wasn't their design. You can only polish a turd so much. That's what wayland is all about. It's a fresh start from something that isn't a known ball of shit. So instead of polishing a turd they'll be polishing a booger or something.

    20. Re: XWayland by Anonymous Coward · · Score: 0

      Dude, 50MB is absolutely nothing for anyone running something newer than XP. The actual amount of "overhead" is nowhere close to ~50MB anyway and you would know if you bothered to do any actual research. Stop pulling shit from your ass. It smells bad and grosses out the ladies. Further, QT supports the use of native controls and widgets.

    21. Re:XWayland by Anonymous Coward · · Score: 0

      Steam!

    22. Re:XWayland by F.Ultra · · Score: 1

      Yes that is true but there is also great motivation from the Wayland and MIR developers to implement support in the current toolkits so even if support won't happen in the stable version from upstream it's quite likely that we will get it anyways. For example Canonical have implemented MIR support in both SDL1.2 and SDL2.x. I assume here that they are also working on GTK2 and Qt, and something tells me that Red Hat will do the same for Wayland.

    23. Re:XWayland by smash · · Score: 1

      It's about making the simple dumb framebuffer do simple dumb framebuffer stuff and moving the other complexity out of the simple dumb framebuffer to better separate security, etc. You don't have a single do everything command line tool, you have multiple small tools you can link together with pipes. This is no different.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    24. Re:XWayland by morgauxo · · Score: 1

      "GUI toolkits will likely continue to support both X11 and Wayland backends"

      But what does that mean? As someone who will hold onto X with a death grip until Wayland is on par with X for remote display support what does it mean that toolkits will continue to support X? Does that mean that applications will support X IF I can compile them myself? With 'everyone' using Wayland and myself still on X will I no longer be able to use pre-compiled binaries? Will I be completely shut out from closed source software?

      Or will any program built using a toolkit that supports both just run on either without any added difficulty?

      If the Wayland developers could answer questions like this in a clear manner maybe a lot of us would be less concerned and combative towards Wayland. Or.. maybe our fears would just be confirmed. I see all sorts of internet posts regarding the remote display issue but usually the Wayland developers seem to either just throw it over the fence as 'not our problem' or get way too deep, talking about the technical details of how GUI development works. Maybe the answers are there but we aren't all X developers, we don't all want to be Wayland developers either!

      I also see posts that someone has remote display working on Wayland posted on some GIT repository. But, what does one need to do to use it? Is it rootless, rooted or both? (both have their places, both should exist in any 'final' product). Again, maybe the answers are there but they are posted in a manner that is WAY too deep into Wayland internals.

  5. And in a related story, water is wet. by Anonymous Coward · · Score: 0

    X Windows was never designed with security in mind. The fact that it's insecure is no surprise.

  6. Obligatory YouTube link by DaHat · · Score: 2

    Since media.ccc.de seems down, this video is also on YouTube: https://www.youtube.com/watch?v=n9fANvt0IsM

    1. Re:Obligatory YouTube link by GioMac · · Score: 2
      --
      "It feels like I'm at the Zoo when reading this thread - I'm frightened, but it's interesting" (c)
  7. Re:Hotel 1 Bravo by DaHat · · Score: 2

    Given that X is nearly 30 years old... it sounds more like a number of issues were not considered way back when (trust boundaries for one), and that those same mistakes/assumptions have been carried forward for much of this time.

  8. When will Wayland contain this essential feature? by blackpaw · · Score: 3, Funny

    Cue horde of posts demanding that Wayland must die as it can never replicate the mass security violations that X11 contains.

  9. New PSA poster by CajunArson · · Score: 1

    When you use an Insecure X11 Stack...
    You are displaying windows WITH THE NSA!

    Yet another reason why they need to whip Wayland into shape.

    --
    AntiFA: An abbreviation for Anti First Amendment.
    1. Re: New PSA poster by Anonymous Coward · · Score: 0

      You are missing an 'A' it has to be 'NASA'.

    2. Re:New PSA poster by VortexCortex · · Score: 1

      Meet the new boss, same as the old boss.

  10. How bad is the overall architecture? by Anonymous Coward · · Score: 0

    Could it be time for X12?

    1. Re:How bad is the overall architecture? by jones_supa · · Score: 1

      Then we would have X12, Wayland and Mir competing...redundant fragmentation over minor differences.

    2. Re:How bad is the overall architecture? by Anonymous Coward · · Score: 0

      "Could it be time for X12?"

      It was time for X12 fifteen years ago. What did we get then? And what are we getting now?

    3. Re:How bad is the overall architecture? by Anonymous Coward · · Score: 0

      "Could it be time for X12?"

      Plan9.

  11. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    Cue hordes of posts demanding that X11 must die because Wayland does everything better.

  12. Fucking kill it already by ArchieBunker · · Score: 1, Insightful

    X had its day in the sun. I want a responsive and fast GUI with network connectivity being somewhere in 10th place. Make that socket/DRI/whatever they cooked up this year into a module so the rest of us don't suffer.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Fucking kill it already by TheGratefulNet · · Score: 1

      if it works, why break or reinvent it?

      I've been using X for 25 yrs (or close to it) and it does 99% of what I'd want from a transport/gui/toolkit/windowing system.

      vnc works great and it's only audio that does not carry over vnc. and I don't care or need that (and there are probably ways around that, too).

      we have such fast hardware, I don't get what's wrong with X anymore. even if it's 'slow' in code, it's not slow in practice!

      --
      "It is now safe to switch off your computer."
    2. Re:Fucking kill it already by Anonymous Coward · · Score: 1

      X had its day in the sun. I want a responsive and fast GUI with network connectivity being somewhere in 10th place. Make that socket/DRI/whatever they cooked up this year into a module so the rest of us don't suffer.

      X is plenty fast on its own.

      Direct your rant at the Gnome/KDE window-dressing/eye-candy fetishists.

      Don't blame the Titanic for the captain running it into the iceberg.

    3. Re:Fucking kill it already by Anonymous Coward · · Score: 1

      I would have loved to use X11 over the network daily over the decades. Alas, it hasn't worked out. While XTerm has worked great since the 9600-baud terminal connections, the WiFi latencies kill the responsiveness of Firefox, Evince, Emacs, Eclipse and the like. Since XTerm was always fine, I'm left to think the culprit that killed X was the toolkits (together with the synchronous Xlib) that insist on playing ping-pong with the X server. Thank goodness emacs works perfectly on text terminals.

      I don't think the Remote Desktop is progress, but something better needs to come along. The X11 protocol is too low-level and the modern themes do too much pixel-level micromanagement. Options include something like a Qt server coresiding with Wayland with a thin Qt API library linked with the remote client application or a Turing-complete applet sandbox (a la Javascript) where the remote application's GUI library downloads the toolkit to the local Wayland server and does ad hoc communication with the remote client.

    4. Re:Fucking kill it already by fikx · · Score: 1

      You mean the "rest of us" being that minority that doesn't use and/or doesn't understand X11 network functionality?

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    5. Re:Fucking kill it already by Anonymous Coward · · Score: 0

      I know this is Slashdot but come on, half the comments are talking about it. RTFS and notice that there's a SECURITY problem! It's NOT working!

    6. Re:Fucking kill it already by drinkypoo · · Score: 1

      You mean the "rest of us" being that minority that doesn't use and/or doesn't understand X11 network functionality?

      Minority? The majority of X11 users will never remote an application.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:Fucking kill it already by Desler · · Score: 1

      You think the majority of users use network transparency? LOL. Most apps can't even support it if the user wanted it.

    8. Re:Fucking kill it already by fikx · · Score: 1

      if I count most comments about it, you're outnumbered, hence "minority"

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    9. Re:Fucking kill it already by fikx · · Score: 3, Informative

      All X11 apps "support" it...that's the beauty of X11 network functionality: apps don't HAVE to support it, it comes free.

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    10. Re:Fucking kill it already by epyT-R · · Score: 1

      It does have a responsive and fast response.. It's the bloated toolkits and useless eyecandy rendering engines sitting under it that are the problem.. Turn off the compositor and it responds just fine, even on ancient late 90s hardware.

    11. Re:Fucking kill it already by epyT-R · · Score: 1

      That is a horrible idea.. the last thing we need to do is waste even more performance with useless sandboxing and other jive. There's too much of that going on everywhere else now. Regardless of protocol, having sane toolkits and themes in the first place would go a long way towards making remote desktop quick and responsive even with bad connectivity. This means no stupid pixel shader driven desktops when running in remote mode..

    12. Re:Fucking kill it already by dbIII · · Score: 1

      Since that minority is huge and includes just about every linux desktop used for work purposes and a pile of MS Windows machines with X to run remote stuff as well I consider it a minority worth listening to.
      Ignorance is not a virtue.

    13. Re:Fucking kill it already by epyT-R · · Score: 1

      The majority of users never create content either, so should we just get rid of desktops entirely and force developers to use tablets?

    14. Re:Fucking kill it already by dbIII · · Score: 1

      I'm left to think the culprit that killed X was the toolkits

      And the idea is for them to still live on in Wayland.
      I still don't see anything in Wayland that things like "evas" can't already give us on X (yes I know that "evas" for Wayland is also in progress).

    15. Re:Fucking kill it already by WaffleMonster · · Score: 1

      Minority? The majority of X11 users will never remote an application.

      Except xeyes

    16. Re:Fucking kill it already by smash · · Score: 2

      Because it only works for very generous definitions of "works". If you've never used anything else maybe remote X seems like it rocks, but vs. ICA or RDP (even the versions from 1999) its performance is abysmal.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    17. Re:Fucking kill it already by smash · · Score: 2

      ... and remote X sucks balls really bad anyway. It's passable on gigabit ethernet, anything slower than that and it is pretty horrible. Meanwhile, even RDP is usable over 64 kilobit.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    18. Re:Fucking kill it already by drinkypoo · · Score: 1

      if I count most comments about it, you're out numbered, hence "minority"

      When you decided that slashdot was representative of most X11 users, you failed miserably. Almost as hard as X11 fails at security.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    19. Re:Fucking kill it already by Sanians · · Score: 1

      All X11 apps "support" it...that's the beauty of X11 network functionality: apps don't HAVE to support it, it comes free.

      Really? Last time I tried it I found far too many things assumed they could communicate with the X server via shared memory. I assumed it had something to do with me running it via SSH which seemed to emulate a local X server in order to encrypt all of the data before sending it over the network. I guess programs just assumed that shared memory was always available when communicating with a local X server.

      It's no surprise, really. The features that only 0.1% of users use are the features most likely to be broken due to an extreme lack of testing by developers.

    20. Re:Fucking kill it already by Anonymous Coward · · Score: 0

      As a developer, if I was forced to use either a thin X terminal or a tablet, I'd chose the fucking tablet.

      At least I'd get a responsive SSH client and web browser.

    21. Re:Fucking kill it already by celle · · Score: 0

      " It's passable on gigabit ethernet, anything slower than that and it is pretty horrible. Meanwhile, even RDP is usable over 64 kilobit."

      Actually X with compression works good even on 28.8 modems. You just have to set it up right and use it with regards to bandwidth limitations. RDP had severe problems at that low no matter what you did.

    22. Re:Fucking kill it already by fikx · · Score: 1

      Slashdot's not the only place I count. Other web sites and forums seem to be the same. Rough back-of-envelope counting anyway...no need to do more than that considering the counter replies don't even do that.
      Just once I'd like someone to answer this criticism with something reasonable instead of "No it's Not!!!"

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    23. Re:Fucking kill it already by fikx · · Score: 1

      Every time I'd tried it it's worked. Mozilla, Firefox, Doom3 even. The ones that have trouble are desktop environment apps (like gnome session manager, or other gnome utils) that assume the whole desktop is local...not a problem to do with X, they are looking for or trying to take over another desktop pieces. That's a multi-user fail, not an X fail.
      Examples from your side?

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    24. Re:Fucking kill it already by smash · · Score: 1

      Funny, I've been using RDP over frame links as slow as 64kbit since 1999...

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    25. Re:Fucking kill it already by drinkypoo · · Score: 1

      Rough back-of-envelope counting anyway

      You're counting the loud users. Most users of X11 don't even know what an X11 is, or if they've ever heard of X10 that it's not just a crappy home automation standard known for pop-up ads. And that is in fact the way it ought to be. We only know what X11 is because we've had to fight with it to make it do what we want, or because we're working with it directly on some level deeper than the average user.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    26. Re:Fucking kill it already by Anonymous Coward · · Score: 0

      yes and please don't make the network module a required or recommended package, but rather have it as something optional. (GUI with network connectivity is not on my list at all, being able to remove it completely is)

    27. Re:Fucking kill it already by Sanians · · Score: 1

      Examples from your side?

      This was a few years ago, but from what I remember, when using Konqueror as a file browser, it mostly worked correctly, unless I needed to scroll down in a window in which case it wasn't updated in response to my scrolling. I think there was also some issue with the image viewer "mirage" though I don't remember what.

    28. Re:Fucking kill it already by fikx · · Score: 1

      Don't have mirage, but gave Konqueror a try. Prolly not an accurate test as I don't use it much, but worked OK from my PC to my phone...lots of messages in the xterm about contacting other desktop pieces but scrolled fine on the GUI side while showing my home folder...

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    29. Re:Fucking kill it already by fikx · · Score: 1

      To be optimistic for Linux adoption, I'd estimate that for every person who does nothing in terms of remote apps or desktops there are 2 users who do (have to count business, campus, etc. users who are on a large network where such things are everyday events). Linux still has a lot of its users in technical areas or who are technical even at home (home network, etc.) as opposed to just home users. So I'd say we've got 2/3 of the Linux users doing remote work of some kind. And for every 3 users who do use some kind of remote app and are telling me X11 remote apps are just as good as VNC or RDP, I'd bet there are at least 2 of those 3 who don't understand how X11 remote apps work (haven't used them or don't understand the difference) based on what I've heard from people who have tried or who have at least thought about it.
      Just rough estimates on my part, sure, but it still gives my side the majority. Any place I can look up real figures to try and find out who is using Linux nowadays? See how far off I am?

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    30. Re:Fucking kill it already by Anonymous Coward · · Score: 0

      So move to Windows, then.

    31. Re:Fucking kill it already by Anonymous Coward · · Score: 0

      We can have very efficient sandboxed code, without the JS clusterfuck. Here's an idea:

      http://scherbius2014.de/EDVstattIT.html (Strategie Nr. 7)

    32. Re:Fucking kill it already by drinkypoo · · Score: 1

      And for every 3 users who do use some kind of remote app and is telling me X11 remote apps is just as good as VNC or RDP, I'd bet there is at least 2 of those 3 that doesn't understand how X11 remote apps works (hasn't used it or doesn't understand the difference) based on what I've heard from people who have tried or who have at least thought about it.

      Well, I've used X11, VNC, and RDP, and RDP wins hands down. This is probably because some of the toolkits used with X11 abuse X11, but it does not in fact matter why. The truth is that RDP gives the best results in pretty much every situation in which you're running anything more complex than an xterm. And I do mean xterm, or perhaps color_xterm, but not gnome-terminal or what have you.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    33. Re:Fucking kill it already by fikx · · Score: 1

      My experience is the opposite: used vnc, rdp, citrix, X11, etc. etc. And X11 is always better. In fact I use rdp and pcoip daily and don't enjoy it compared to X11.

      --
      AB HOC POSSUM VIDERE DOMUM TUUM
    34. Re:Fucking kill it already by Sanians · · Score: 1

      It's probably time for me to try it again one of these days. It was years ago, and may well have been a bug in SSH's implementation rather than a bug in the process itself.

  13. Slashdot editing in bad shape by wonkey_monkey · · Score: 1

    A presentation at the Chaos Communication Congress explains how X11 Server security with being 'worse than it looks.'

    Still, at least you didn't just copy and paste, so points for that.

    --
    systemd is Roko's Basilisk.
    1. Re:Slashdot editing in bad shape by Anonymous Coward · · Score: 0

      A presentation at the Chaos Communication Congress explains how X11 Server security with being 'worse than it looks.'

      Still, at least you didn't just copy and paste, so points for that.

      I have a presentation here that explains how grammar with being incomprehensible bollocks.

  14. Broken by design by Misagon · · Score: 3, Informative

    It is not as if the way X works is particularly secure to begin with. Once an app has a connection to the X server, it has full control over the world of windows, pixmaps and events on the server, including of course all other apps.

    Not that I have any faith in Wayland or Mir being any better, its developers coming from the X world in the first place, I am sure that they will make their new shiny systems vulnerable in the same ways.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    1. Re:Broken by design by phantomfive · · Score: 4, Insightful

      Doesn't everyone use X over an ssh tunnel anyway? I haven't used a raw X connection in over a decade.....

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Broken by design by Rich0 · · Score: 4, Insightful

      Doesn't everyone use X over an ssh tunnel anyway? I haven't used a raw X connection in over a decade.....

      That doesn't help at all. He's talking about the fact that any X client can obtain information from any other X client on the same server. Tunneling the X clients through ssh doesn't help at all - it just causes the server to make all that information available over ssh.

      Granted, the last time I checked linux makes the memory space of every process for any uid available to any other process running under the same uid (unless you're using SELinux). It is just that big unixy trust-everything-local attitude.

      Why is this sort of thing bad? Well, now not only can a browser exploit result in a script being able to sniff your keyboard traffic to other tabs in the same browser, it can also sniff your keyboard traffic to every other window on your display, regardless of where those clients are actually running. There are ways to block it, but nobody uses them as they are rather inconvenient (xterm probably still supports it though).

      However, until we close the gap of my web browser being able to read my mail directory or modify my .bashrc, I think that X11 vulnerabilities are just the tip of the iceberg.

    3. Re:Broken by design by F.Ultra · · Score: 1

      Granted, the last time I checked linux makes the memory space of every process for any uid available to any other process running under the same uid (unless you're using SELinux). It is just that big unixy trust-everything-local attitude.

      Which mainstream OS does this differently? AFAIK this is the way it works in Windows and OSX as well, unsure about the BSDs though but I wouldn't be surprised if they also do it like this (it would be a pain to use things like strace or shared memory otherwise and the MMU tables would be quite big)

    4. Re:Broken by design by Rich0 · · Score: 1

      Granted, the last time I checked linux makes the memory space of every process for any uid available to any other process running under the same uid (unless you're using SELinux). It is just that big unixy trust-everything-local attitude.

      Which mainstream OS does this differently?

      Linux under SELinux potentially does this differently. I guess you could also count Android - as it gives each application a separate uid, though access to the sdcard is all-or-nothing.

      However, yes, this is a common vulnerability, and just another reason why the world is crawling with worms.

    5. Re:Broken by design by bill_mcgonigle · · Score: 1

      Which mainstream OS does this differently?

      When I was reading up about this a few months ago, it was noted that Windows Vista fixed this on the Windows line. So, yeah, even Windows 8 does something better than a GNU/Linux desktop.

      The SELinux fix has been roughed out, but it's not very usable and certainly not mainstream.

      I was really disappointed to read that Wayland would possibly bolt this on later, but had nothing baked into the core protocol.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Broken by design by 10101001+10101001 · · Score: 1

      Granted, the last time I checked linux makes the memory space of every process for any uid available to any other process running under the same uid (unless you're using SELinux). It is just that big unixy trust-everything-local attitude.

      Actually, what makes it worse than that is that (1) there are suid X clients which makes for an obvious privilege escalation attack vector through the X server and (2) the X server itself is root which makes the X server a big target. The fact that the presentation spoke repeatedly about how nasty GLX was is only funny to me in a dark way because of just how insecure GPUs seem anyways as they suffer even worse from the "unixy" trust-everything-local attitude. So, while I'd love to hear that he succeeds in his GLX clean ups, I only think that clears one bug hurdle while still leaving (a) OpenGL drivers and (b) potentially hardware GPU memory protection limitations. Screen scraping at the kernel level seems worse if nothing else because it doesn't require nearly the level of sophistication in actually discovering which window holds what object and then try to grab or trap for passwords or whatever that way.

      However, until we close the gap of my web browser being able to read my mail directory or modify my .bashrc, I think that X11 vulnerabilities are just the tip of the iceberg.

      Strictly speaking, we already have that capability in SELinux or in AppArmor. The reason it's not really heavily implemented is because you might want your web browser to be able to save a file in your mail directory or overwrite your local .bashrc from a server stored copy somewhere. Meanwhile, sticking all the UI stuff to allow/disallow isn't some magic bullet--Windows NT has a very robust system of protection that does very little because people don't micromanage things. And honestly, the issue isn't that the web browser has access to your mail directory. It's that a nefarious web site may manipulate your web browser to read the mail directory when you don't want it to. If that's really a big enough concern, you can just run the web browser as a different user....so long as the X11 bugs are fixed. :)

      --
      Eurohacker European paranoia, gun rights, and h
    7. Re:Broken by design by Anonymous Coward · · Score: 0
    8. Re:Broken by design by Rich0 · · Score: 2

      the X server itself is root which makes the X server a big target

      Good point. With KMS I'm not quite sure why it still is root, but sure enough mine is...

      Strictly speaking, we already have that capability in SELinux or in AppArmor. The reason it's not really heavily implemented is because you might want your web browser to be able to save a file in your mail directory or overwrite your local .bashrc from a server stored copy somewhere. Meanwhile, sticking all the UI stuff to allow/disallow isn't some magic bullet...

      Oh, I agree. The problem is that nobody has figured out a good model for app-level security that isn't extremely inconvenient.

      However, I still think the status quo is really insecure. The fact that nobody has come up with something that works better doesn't change that. Sure, if your browser doesn't contain an exploit then you don't need the extra security, but if you want security then you really need defense in depth.

      I think something that the NSA has recently demonstrated is that a lot of software contains zero-days known to very few. The more defense in depth you have, the harder it is to exploit your systems. If you're relying only on perimeter security then you're up the creek when somebody breaches it. Of course, the fact that they're sticking rootkits in the firmware also points to the fact that you need to control the bootstrap from a known-good state. What we really need is secure boot that starts from a trustworthy FOSS loader implemented in ROM that verifies and proceeds into flash for UEFI, and then verifies/loads the OS. Maybe store the ROM's verification certificate in flash which is protected against writing by a hardware switch (that way you can install your own UEFI and configure its trust settings). Of course, all of this only works if you trust your hardware vendor.

      However, this might be a bit of a pipe dream. Linux has had Trusted Grub for eons and who uses that?

    9. Re:Broken by design by Anonymous Coward · · Score: 0

      And who isn't running SELinux yet? I remember working with it about 10 years ago. Now it's so good, I just sit back and watch this all day.

    10. Re:Broken by design by Anonymous Coward · · Score: 0

      Then you don't know much about Wayland, do you? The source and protocol specifications are already there for you to look at, rather than make retarded claims.

    11. Re:Broken by design by fisted · · Score: 2

      Especially the user.

    12. Re:Broken by design by Misagon · · Score: 1

      What claims?

      --
      "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    13. Re:Broken by design by MikeBabcock · · Score: 1

      Actually, Android comes to mind. Each application is locked in its own little world (except apps from the same developer) and can only talk to other apps via API calls they've previously agreed on or published.

      It's actually quite a nice model.

      --
      - Michael T. Babcock (Yes, I blog)
    14. Re:Broken by design by Anonymous Coward · · Score: 0

      Surely it'd be *more* work to code in the ability for clients to query other clients...

    15. Re:Broken by design by amorsen · · Score: 1

      That actually makes the problem worse. Once you have forwarded your X connection with ssh -Y, everyone who can get the security token on the machine you ssh into (e.g. at least root) can sniff your keystrokes. If you do ssh -X instead, the damage they can do is limited (well except for X bugs), but few things actually work so -X is rarely used.

      X is pretty unique in that respect, other remote desktop protocols generally do not have local keyboard sniffing built in as a feature (although I think some of them have had bugs enabling it).

      --
      Finally! A year of moderation! Ready for 2019?
    16. Re:Broken by design by Uecker · · Score: 1

      X clients tunnelled over X are untrusted X clients and do not have access to everything by default. See X security extension and the -Y option of ssh.

    17. Re:Broken by design by deconfliction · · Score: 1

      Granted, the last time I checked linux makes the memory space of every process for any uid available to any other process running under the same uid (unless you're using SELinux). It is just that big unixy trust-everything-local attitude.

      I am a bit of a bearded unix burnout but... For goodness sakes. It has nothing to do with "unixy trust-everything-local attitude". It has everything to do with _the uid security model_. The security model is not "trust everything local", it is "each user(by id) can run a bunch of programs, and those programs are all _by design_ able to communicate (or interfere) with any other program run by the same user". Yes, in practice, we find many unix systems where there is effectively only a single user, and the biggest security threat vector against that user is *not other users on the system* but *programs the user decided to run that were not sufficiently vetted to be free of (remotely) exploitable bugs and backdoors*. The method android uses, assigning a unix uid to each program to provide the kind of inter-program sandboxing/isolation (that selinux also enables), is a *complete kludge* in the context of the unix uid security model. In practice, I admit that there is a spirited educational morsel you were trying to get across. But I don't think the way you phrased it will lead to readers of your comment becoming properly educated about what is really going on, and how we got here.

    18. Re:Broken by design by Rich0 · · Score: 1

      Yes, in practice, we find many unix systems where there is effectively only a single user, and the biggest security threat vector against that user is *not other users on the system* but *programs the user decided to run that were not sufficiently vetted to be free of (remotely) exploitable bugs and backdoors*

      So, I agree with everything you said, but if I only ran software sufficiently vetted to be free of exploitable bugs and backdoors I wouldn't be running just about anything. Certainly I wouldn't be running the Linux kernel, or any web browser. I'm sure there are a few small programs that are sufficiently small that you could completely characterize their behavior if you limited it to a very particular intended use.

      Half the stuff on the NSA Christmas list of exploits probably involves zero-days for mainstream FOSS.

      I'm not suggesting that we should stop using Linux. I just wouldn't consider it done yet.

      Agree 100% that the Android approach is a kludge, but it is a step in the right direction in that it works reasonably well without much fuss. I'm not pointing towards anything in particular as a solution - I think the right solution remains to be found.

    19. Re:Broken by design by Rich0 · · Score: 1

      X clients tunnelled over X are untrusted X clients and do not have access to everything by default. See X security extension and the -Y option of ssh.

      True, but that would apply only to the clients going through the tunnel. Well, assuming it works (on my distro ssh X11 forwarding without -Y doesn't work at all).

    20. Re:Broken by design by Uecker · · Score: 1

      X clients tunnelled over X are untrusted X clients and do not have access to everything by default. See X security extension and the -Y option of ssh.

      True, but that would apply only to the clients going through the tunnel. Well, assuming it works (on my distro ssh X11 forwarding without -Y doesn't work at all).

      I don't understand. Local programs have access to everything anyway (for this user) - even without X. So why is this a problem? (Well it *is* a problem - but unrelated to X)

      What do you mean that X forwarding is not working? It is usually deactivated by default and you have to turn it on with -X or in a config file. If you use '-Y' you turn off security. You have no reason to complain, if you turned security off yourself.

    21. Re:Broken by design by Rich0 · · Score: 1

      What do you mean that X forwarding is not working? It is usually deactivated by default and you have to turn it on with -X or in a config file. If you use '-Y' you turn off security. You have no reason to complain, if you turned security off yourself.

      Looked it up. Openssh secure forwarding only works if the X server is compiled with XC-SECURITY enabled, which is disabled by default. Some distros consider it insecure, as does upstream. So, on distros that do not override this and enable XC-SECURITY secure Openssh forwarding is disabled. If you use openssh -X to connect you get the error "Warning: untrusted X11 forwarding setup failed: xauth key data not generated." X11 forwarding does not work in this case. Using -Y works fine.

      There is some relevant discussion at:
      https://bugs.freedesktop.org/show_bug.cgi?id=2606

    22. Re:Broken by design by Uecker · · Score: 1

      Hm. You are right. Debian/Ubuntu seem to activate the security extension by default and Fedora/Red Hat might use XACE and selinux (I don't know). But it is a bit disappointing to learn how much this is neglected upstream.

    23. Re:Broken by design by Rich0 · · Score: 1

      Yeah, was a bit frustrating when I finally figured out why it was broken, especially since the error message isn't exactly helpful.
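
An added example, not part of the thread and not OpenSSH code: a small audit of `ssh_config` text that reports, per host, whether X11 forwarding is off, untrusted (`-X`) or trusted (`-Y`), the distinction the comments above turn on. The sample config and host names are constructed, `Match` blocks are not evaluated, and the built-in default for `ForwardX11Trusted` is a parameter because distributions ship different defaults.

```python
import re

# Constructed sample ~/.ssh/config; host names are placeholders.
SAMPLE_CONFIG = """\
# constructed sample
Host build-*.example.net !build-legacy.example.net
    ForwardX11 yes

Host jump.example.net
    ForwardX11 yes
    ForwardX11Trusted yes

Host *
    ForwardX11 no
    ForwardX11Trusted no
"""

X11_KEYS = ("forwardx11", "forwardx11trusted")


def _pattern_to_regex(pattern):
    """ssh_config patterns only know the '*' and '?' wildcards."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z")


def host_matches(patterns, host):
    """A Host line matches if a positive pattern hits and no '!pattern' does."""
    matched = False
    for pattern in patterns:
        negated = pattern.startswith("!")
        if _pattern_to_regex(pattern[1:] if negated else pattern).match(host):
            if negated:
                return False
            matched = True
    return matched


def parse_blocks(text):
    """Return [(patterns, options)] in file order; options before any Host are global."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            blocks.append((value.split(), {}))
        elif key == "match":
            blocks.append((None, {}))  # not evaluated: options below it are skipped
        elif key in X11_KEYS:
            blocks[-1][1].setdefault(key, value.lower())
    return blocks


def classify(text, host, trusted_default="no"):
    """Return 'off', 'untrusted' or 'trusted' for `host` (first obtained value wins)."""
    effective = {}
    for patterns, options in parse_blocks(text):
        if patterns is None or not host_matches(patterns, host):
            continue
        for key, value in options.items():
            effective.setdefault(key, value)
    if effective.get("forwardx11", "no") != "yes":
        return "off"
    trusted = effective.get("forwardx11trusted", trusted_default) == "yes"
    return "trusted" if trusted else "untrusted"


def audit(text, hosts, trusted_default="no"):
    """Map each host to its X11 forwarding mode so trusted ones can be reviewed."""
    return {h: classify(text, h, trusted_default) for h in hosts}


if __name__ == "__main__":
    hosts = ["build-01.example.net", "build-legacy.example.net", "jump.example.net"]
    for host, mode in audit(SAMPLE_CONFIG, hosts).items():
        print(f"{host:28} X11 forwarding: {mode}")
```

On a live system, `ssh -G <host>` prints the configuration OpenSSH itself resolves for that host and is the authoritative check.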

  15. Pushing pixmaps around by tepples · · Score: 2

    I intended to emphasize "more complex" rather than "less security-hardened". There's plenty of "more complex" legacy stuff in X11 that almost no modern application uses; most GUI toolkits nowadays just push pixmaps around. The featured article describes the effort to fix the "less security-hardened" part, but the only way to break with "more complex" is to ditch X11 in favor of something that does one thing (push pixmaps around) and does it well. Isn't that what the UNIX philosophy is supposed to be anyway?

    1. Re:Pushing pixmaps around by girlintraining · · Score: 0, Troll

      Isn't that what the UNIX philosophy is supposed to be anyway?

      Adherence to a philosophy in the face of more reasonable alternatives is an act of irrationality. Philosophies are meant to guide, not dictate. When a philosophy is elevated to the status of a belief, it ceases being an idea to free us, and instead becomes something to restrict and control us.

      The engineer in me says the only "philosophy" one should adopt is the one that leads to the most benefits with the fewest drawbacks. If that requires eschewing the current design paradigm for a different one, then so be it.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Pushing pixmaps around by dbIII · · Score: 1

      Yes the brute force approach of pushing pixmaps around which only does it well because ridiculously powerful graphics hardware makes it possible. Meanwhile far less powerful hardware is turning up everywhere and is almost always on a network (eg. congested WiFi) that just does not have the bandwidth to take pixmaps put together by more powerful hardware (and certainly can't do much itself).
      This idea of the dumb framebuffer where the application developer has to do a lot of heavy lifting to match the application to display resolution, events etc along with the non-networked approach really does look like a step back into the 1980s to me. The application developers may as well be writing something for a range of video game consoles instead of asking a layer to just put their stuff on the screen and tell it when somebody clicks on it.

    3. Re:Pushing pixmaps around by Anonymous Coward · · Score: 1

      I am a huge fan of UNIX methodology: do one thing and do it well. It's not just a philosophy, it saves valuable time as a modular design pattern. The problem is defining how big "one thing" can be, as it invariably gets worse as it gets more complex.

  16. Re:Hotel 1 Bravo by jd · · Score: 5, Insightful

    Some were certainly considered but prohibited by law. Due to crypto export restrictions, it wasn't until the limits on Open Source were loosened that X was legally permitted to have any kind of meaningful security. The non-export version still had to talk to the exportable edition, after all.

    Yes, X was (and is) incredibly sloppy by today's standards and yes a lot of that was due to poor decisions in the days of X10. (Yes, boundaries are a decision. MIT could have chosen any sort of access control list system they wanted, with yet another library handling it. You could have then substituted whatever you wanted, so long as the API remained the same. Pretty much futureproof, no significant extra coding, easier to maintain than what they actually did.)

    The coding flaws - of which there were many - were often detectable by tools as ancient as lint.

    But you must also remember, X10 and X11 were never intended as products. They were reference implementations of a protocol, not finished products intended for actual use. The different vendors were always "supposed" to provide their own.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  17. Celestia, of course by Anonymous Coward · · Score: 0

    Since Wayland is another freedesktop.org project, it will no doubt be integrated into systemd over the next year. What else can be integrated into systemd... how about ssh?

    systemd is the best argument yet for legalizing postnatal abortion. I know, let's integrate celestia into systemd!

    1. Re:Celestia, of course by Anonymous Coward · · Score: 0

      Let's get Eclipse integrated first. Then we can modularize Celestia into an Eclipse plug-in.

    2. Re:Celestia, of course by Anonymous Coward · · Score: 0

      "Let's get Eclipse integrated first."

            Reverse that, let's make systemd an Eclipse plugin. Then no one will use it!

      response: Which one?

      Me: It's 7am. It's new years day. I'm still drunk, and I don't care!!

      celle

  18. Not just X.org by Wonko+the+Sane · · Score: 2

    Based on the Qt team's complete lack of willingness to fix security bugs apparently when you render with Qt, you're rendering with the NSA.

    1. Re:Not just X.org by Anonymous Coward · · Score: 0

      Weirdly enough, for all his claims, I cannot find a single bug he reported in the KDE or Qt bug trackers.

    2. Re:Not just X.org by Anonymous Coward · · Score: 0

      The last time I brought up security issues and posted proof of concepts on the mailing list for Xorg and QT, I got attacked by ego maniacs of developers. To which I just responded back with a big "FU" and gave up on supporting them on anything. What this guy is doing is the way to go in getting people aware of all the issues and either forcing Xorg to do something about it or we just move away from Xorg. He probably discovered early on that they're all assholes.

    3. Re:Not just X.org by zander · · Score: 2

      The Qt part left a bit of a bad taste in my mouth, so I did some research of my own.

      The first thing to notice is that a normal Qt application has no attack surface, there is no need for any part of the application to use elevated privileges. So what was his point? The presenter went with the assumption that some applications can be started as a normal user but get root rights by being installed as suid-root.

      I don't understand why he would attack that idea. Having a GUI app started by any user run as root is not good security policy. Having your app run as root and linking it to multi-megabytes of library that is not hardened for such a case is just plain silly.

      The answer of the Qt guys makes a lot of sense, the library is not meant to be run with different privileges as the user that started it. He should have gotten the point when the Qt security experts made the point clear with the plugins. If I can start an app as root from my normal user, and I can specify which styling-plugin to run, I essentially can tell it to run my code. As root.

      So, I'm fully satisfied with the answer that Qt is not wrong, it doesn't have an attack surface unless the app using it is doing something stupid.

      His security report is akin to blaming the vim authors that it is a security concern if you install it as suid-root. It's blaming the wrong person for introducing the attack surface.

      ps. his quoted Qt code never occurs in any of the Qt5 codebase as far as I can find.

    4. Re:Not just X.org by Wonko+the+Sane · · Score: 1

      This is not the account I've heard about the Qt team being hostile to external input. I know someone working on a Qt application who frequently has to work around c++11 and javascript bugs, and is unable to get any of his patches accepted upstream.

    5. Re:Not just X.org by zander · · Score: 1

      Qt has hundreds of committers from dozens of companies, if he can't get his patches accepted, did you consider they were of low quality or in violation of the guidelines?

    6. Re:Not just X.org by Danious · · Score: 2

      Since moving to Open Governance, we're very open to external input: we're just very demanding, that's all. You can't expect us to just blindly accept any drive-by patch submission, or any security report from a self-proclaimed security expert. There's a process to follow, standards to reach, and it takes time to convince Qt maintainers that your patch or security concern is correct, let alone meets the quality standard required. If you're not prepared to stick around and defend your patch/security issue/bug report from robust questioning then why should we trust you? I'm a Qt maintainer, one of the first to be appointed under Open Governance from outside Nokia/Digia, and it still takes me several revisions before my patches get approved! It's hard work, simply because quality matters in a toolkit like Qt, especially with security issues.

      As for the original article, well the issues were discussed with Qt in March last year, and our security expert at the time said we don't support running a Qt binary as setuid, nor does any gui toolkit, so the issue is not really our problem, the problem is with the fool who runs with setuid. However, in response to the publicity, he has now posted a patch to make this very explicit https://codereview.qt-project.org/#change,74531

    7. Re:Not just X.org by sploxx · · Score: 1

      Hey Wonko,

      this is totally unrelated to this post of yours. In the C+= discussion thread, you post about a tweet on twitter calling for job terminations or similar, the link is broken now, do you have a backup somewhere?

      Cheers & thanks!

    8. Re:Not just X.org by Wonko+the+Sane · · Score: 1

      No, I guess I should have taken a screenshot or something.

  19. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    Cue hordes of posts demanding that X11 must die because Wayland does everything better.

    What's the point of X12/Wayland if it didn't?

  20. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    What's the point of X12/Wayland if it didn't?

    ...exactly!

  21. Isn't This The Way? by Anonymous Coward · · Score: 0

    Isn't this how FOSS is supposed to work?

    Now security issues will be examined and fixed.

    1. Re:Isn't This The Way? by Anonymous Coward · · Score: 0

      Many of X's bugs are actually features and fixing them will break it. So don't mess with the house of cards, and it may all come crashing down.

  22. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    "X12/Wayland"

    X12 it's not. Wayland is a total re-write. Outside of compatibility shims it's a different design and not X anything. Just call it Wayland and be done with it.

  23. Re:Hotel 1 Bravo by EvilSS · · Score: 1

    Given that X is nearly 30 years old... it sounds more like a number of issues were not considered way back when (trust boundaries for one), and that those same mistakes/assumptions have been carried forward for much of this time.

    God I hate that word. If there is one word that I wish I could beat out of every developer, it's "assumption". I know they are necessary to an extent, but man do they come back to bite you in the ass every time...

    --
    I browse on +1 so AC's need not respond, I won't see it.
  24. Just look it up people by dbIII · · Score: 1

    Apart from the Xorg hardware drivers it's using to blit its composed framebuffer onto people's screens.
    Wayland is a framebuffer compositor designed to replace a few features in X in a new (and incompatible) way in the interests of speed. It still relies on some stuff made for X, and IMHO that's some of the slowest stuff involved in putting things on the screen (eg. gtk), so it will be a bit of a struggle to get an obvious speed benefit unless improvements are made there as well or it gets its own toolkit (which means it will start to resemble the complexity of X).

    1. Re: Just look it up people by Anonymous Coward · · Score: 0

      DirectFB already supported the ideology of that. I ran a few apps on it a couple of years ago. Sure it has not the same design as Wayland (does it?) but wasn't that a good base to start with rather than starting from scratch?

    2. Re:Just look it up people by Anonymous Coward · · Score: 1

      Apart from the Xorg hardware drivers it's using to blit its composed framebuffer onto people's screens.
      Wayland is a framebuffer compositor designed to replace a few features in X in a new (and incompatible) way in the interests of speed. It still relies on some stuff made for X, and IMHO that's some of the slowest stuff involved in putting things on the screen (eg. gtk), so it will be a bit of a struggle to get an obvious speed benefit unless improvements are made there as well or it gets its own toolkit (which means it will start to resemble the complexity of X).

      Chrome(ium) when launching, wastes about 500 milliseconds on blocking calls to the X server because Xlib is retarded, and/or the server is tied up doing stuff it ultimately doesn't need to be doing. If they can take a dent out of that, I'd call that an obvious speed benefit.

  25. RDP and OnLive by tepples · · Score: 2

    Meanwhile far less powerful hardware is turning up everywhere and is almost always on a network (eg. congested WiFi) that just does not have the bandwidth to take pixmaps put together by more powerful hardware

    Then explain how well RDP has worked usably for me even across the Internet to a PC on what the cable company likes to call "slow DSL from the phone company". Is "congested Wi-Fi" worse than DSL's upstream? And explain how OnLive, Twitch, or any other sort of live streaming video works.

  26. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    X12? That's an Electronic Data Interchange standard. Nothing to do with the X Window System.

  27. well of course... by smash · · Score: 1

    ... running a massive service such as that with elevated privileges...

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  28. No, Wayland will still take several years by Anonymous Coward · · Score: 1

    As long as Wayland doesn't support remoting it will not replace anything. Remoting is needed for non-hobbyist heterogenic environments where you will have to be able to "run" Windows applications on *NIX boxes, and vice versa.

    (Most of tailored business applications will never run reliably enough with wine. Also, it is often a waste of resources to use fat clients where thin would suffice. Except you can't do thin clients with Wayland...)

    Wayland is so far from feature parity that it can be mostly seen as a joke - for corporate environments that is. When it does something like "ssh -X" and "voila, remote application is running", get back to talking about it. Before that stfu.

    1. Re:No, Wayland will still take several years by Anonymous Coward · · Score: 0

      If you're using a UI to remote in *nix, you're doing it wrong. Use SSH you scrub.

  29. Quite a bit of hyperbole in there by medoc · · Score: 1

    I only watched the beginning at this point, but the presenter says something that does not bode too well for the rest. Speaking about how it was bad that the client side parser was insecure, especially for setuid clients:

    This code was written in the eighties with the assumption that the server is trusted so there is little validation on the client side.

    Well, of course the server is trusted. This is the code which runs on your local workstation. If your input terminal is compromised, you're so hosed anyway that it's not really worth considering exactly what hole they will be using !
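
The client-side validation that the quoted presenter says is missing can be shown with a parser for a server reply; this is an added example, not part of any comment in this thread and not Xlib code. The 32-byte reply header with a length field in 4-byte units follows the X11 core protocol; the item-count field at offset 8, the little-endian byte order, `MAX_ITEMS` and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLY_HDR_LEN 32u   /* fixed part of a core-protocol reply */
#define MAX_ITEMS     1024u /* local policy cap (assumption of this example) */

enum parse_status { PARSE_OK, PARSE_SHORT, PARSE_BAD_TYPE,
                    PARSE_BAD_LENGTH, PARSE_TOO_MANY };

/* Little-endian reads with no alignment assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the 32-bit item list out of a reply, treating every field the
 * server sent as untrusted. buf_len is what was actually received. */
enum parse_status parse_list_reply(const uint8_t *buf, size_t buf_len,
                                   uint32_t *out, size_t out_cap, size_t *n_out)
{
    if (buf_len < REPLY_HDR_LEN) return PARSE_SHORT;
    if (buf[0] != 1) return PARSE_BAD_TYPE;          /* 1 = Reply */

    uint32_t extra_words = rd32(buf + 4);  /* extra data, in 4-byte units */
    uint16_t count = rd16(buf + 8);        /* hypothetical item-count field */

    /* Bound the count by policy and by the caller's buffer before use. */
    if (count > MAX_ITEMS || count > out_cap) return PARSE_TOO_MANY;
    /* The declared length must be able to hold the declared items. */
    if (extra_words < count) return PARSE_BAD_LENGTH;
    /* The declared bytes must really be there; 64-bit math so a huge
     * length field cannot wrap around to a small value. */
    if ((uint64_t)REPLY_HDR_LEN + (uint64_t)extra_words * 4u > buf_len)
        return PARSE_SHORT;

    for (size_t i = 0; i < count; i++)
        out[i] = rd32(buf + REPLY_HDR_LEN + 4 * i);
    *n_out = count;
    return PARSE_OK;
}

/* Build a constructed reply with the given fields and parse it. */
enum parse_status try_reply(uint32_t extra_words, uint16_t count, size_t received)
{
    uint8_t buf[64] = {0};
    uint32_t out[4];
    size_t n = 0;
    buf[0] = 1;
    for (int i = 0; i < 4; i++) buf[4 + i] = (uint8_t)(extra_words >> (8 * i));
    buf[8] = (uint8_t)count;
    buf[9] = (uint8_t)(count >> 8);
    if (received > sizeof buf) received = sizeof buf;
    return parse_list_reply(buf, received, out, 4, &n);
}

int main(void)
{
    printf("well-formed: %d\n", try_reply(2, 2, 40));
    printf("huge count: %d\n", try_reply(2, 0xFFFF, 40));
    printf("wrapping length: %d\n", try_reply(0x40000000u, 2, 40));
    return 0;
}
```

A parser that skipped these checks and looped over `count` directly would write past the caller's four-item array on the second constructed reply.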

    1. Re:Quite a bit of hyperbole in there by Anonymous Coward · · Score: 0

      I am sure the U.S. General Staff would approve of all this and had been willing to donate millions to MIT for creating this gaping security hole.

      See "confessions of a cyber warrior".

  30. Re:When will Wayland contain this essential featur by unixisc · · Score: 1

    Fine. Then we'll call the X11 successor X13. Just like IPv4's successor is IPv6

  31. Anything should work on DSL by dbIII · · Score: 0

    Worse than X so far in my experience. Maybe it's improved with Win8 but I doubt it. The "entire desktop" thing instead of single applications can be a big speed hit and while RDP is supposed to do that how many implementations actually do? Who forks out the cash for that extra feature? It seems to be very rare to me.

    So you are comparing speed - let's lower that bar a bit more. It may work badly on dialup but stuff on X does actually work even under such terrible conditions. RDP was not designed to cope with such situations so it's amusing that people keep trying to compare the two. After all these years it's still a tossup between original VNC and current RDP.

    So this "but RDP works on a fast network connection" (which even slow DSL is) is supposed to mean what exactly? X, VNC and everything doing the same job should work with so much bandwidth or it's a badly flawed solution for remote access.

    I really do not think you supplied any more here than "something works so the other thing sux". It seems misleading to me.

  32. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    Clearly you're not a detail kinda guy. If you'd done your homework (lmgtfy) X13 is a commercial Business Management software product. Their lawyers might have something to say about that.

    If your next suggestion is X14, that's a bathroom cleaner – cue the jokes for that in 3... 2... 1...

    X15, a rocket plane. Jokes about it being slow in 3... 2... 1...

    X16. Maybe we should just cut to jokes about calling the damn thing X-whatever. In 3... 2... 1...

    But the real issue is you're apparently missing the point (or in denial) that the successor to X11 is Wayland. Like it or not.

  33. Re:When will Wayland contain this essential featur by James_Duncan8181 · · Score: 1

    Jokes aside, trademarks only apply in the same field of business (as can be seen in Apple Corps v Apple Computer). It is Wayland though.

    --
    "To any truly impartial person, it would be obvious that I am right."
  34. I can provide benchmarks if you want by tepples · · Score: 3, Insightful

    Worse than X so far in my experience.

    My experience differs: RDP tunneled over SSH responds better than X11 over the same tunnel, especially with these newer X11 GUI toolkits that just push lots of pixels to the X server. And no, Windows 8 isn't involved at all; I'm using Remmina on Ubuntu to view Terminal Services on Windows Server 2003.

    I really do not think you supplied any more here than "something works so the other thing sux".

    If you need, I can perform benchmarks for you of Ubuntu viewing an application on another Ubuntu machine over X11 and Ubuntu viewing the Windows version of the same application over RDP.

    1. Re:I can provide benchmarks if you want by amorsen · · Score: 1

      If you need, I can perform benchmarks for you of Ubuntu viewing an application on another Ubuntu machine over X11 and Ubuntu viewing the Windows version of the same application over RDP.

      Feel free to do so, but dbIII only cares about outdated applications not using modern toolkits. X has a great advantage over RDP/VNC/etc. when it can do the text rendering server-side. No modern applications use server-side text rendering, of course.

      --
      Finally! A year of moderation! Ready for 2019?
    2. Re:I can provide benchmarks if you want by dbIII · · Score: 1

      Same applications or apples to aardvarks? I've used X a lot and RDP not much because I've found it unusable for what I was doing - not a fair test but enough to be very skeptical of such suggestions that a full desktop screen scrape is magically better than the shape of a box, what's in it and what has changed.

      I can perform benchmarks for you

      With respect do it for yourself so that you gain a better understanding of what I'm writing about. While you've been looking into other things I've been looking into this for a few years (remote access for a variety of people over a variety of connections) which is why I've been writing what I have.

      especially with these newer X11 GUI toolkits

      Which are going to be used on top of Wayland anyway!

      Maybe your problem is comparing gnomeeyecandyalpha2013 over X to MSNotebook1999 and a sensibly plain background over RDP. Meanwhile the people I've got doing stuff are using stuff with a relatively old Qt, motif and tcl/tk. It's usable over DSL, sucks on dialup but eventually gets there (RDP and VNC would likely time out) and on a LAN works as good as if it was local.

      I'm really sick of reading people writing stuff that pretends that what I see every day is not real.

    3. Re:I can provide benchmarks if you want by tepples · · Score: 1

      Same applications or apples to aardvarks?

      I was planning on using Firefox for Windows over RDP vs. Firefox for Linux over X11. What problems would you foresee with using this as a test case?

      the shape of a box, what's in it and what has changed.

      In a lot of cases, the majority of it has changed.

    4. Re:I can provide benchmarks if you want by dbIII · · Score: 1

      How did those benchmarks go?
      Understand what I'm writing about yet?

    5. Re:I can provide benchmarks if you want by smash · · Score: 1

      Meh. Been running RDP over the WAN on everything from congested 128kbit frame links to LAN since 1999. I tried running remote X11 over 10 megabit back in the day and it sucked.

      One area where the free *Nix operating systems really need work is decent remote display server speed, yet somehow, most of the free software people seem to be stuck in 1988 and keep believing fallacies like RDP having no ability to do rootless remote apps, etc.

      Meanwhile, in the real world, RDP works. Far better than remote X11. And it isn't even the fastest thing out there by a long stretch.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  35. Re:When will Wayland contain this essential featur by Anonymous Coward · · Score: 0

    Another detail guy. I wrote nothing about trademarks for X14 or X15. IOW, tell me something I/we don't know!

    Picking a name that will be the butt of jokes transcends anything to do with trademarks. Marketing 101: you don't want a name that people are going to laugh at.

  36. Re:When will Wayland contain this essential featur by unixisc · · Score: 1

    Wayland is more a replacement, rather than a successor, to X11. A successor would be backward compatible at least.

  37. Binary thinking and change for sake of it by dbIII · · Score: 1

    Feel free to do so, but dbIII only cares about outdated applications not using modern toolkits

    Change the "only" to "also" and you've got it. Throwing out what works in my workplace for the sake of fashion would impact on the core business and of course cost me my job.
    Such thinking on your part and such personal attacks are of course juvenile, especially since what you are advocating is pre-alpha software with a window manager that cannot even iconify or resize windows yet.

    You should be ashamed of yourself.

  38. RDP uses the Windows display model by BitwizeGHC · · Score: 1

    RDP's display model is, basically, GDI's; in fact the RDP layer appears to Windows as a display device driver exposing all the usual APIs. Which means that the client can push pixmaps across the link, get a handle to the opaque pixmap object (an HBITMAP in Windows parlance if I remember right), and then issue a draw call that just says "draw this pixmap" (or part of this pixmap).

    For a lot of samey-looking GUI applications where elements like button backgrounds and borders are reused, this can add up to a huge savings in network traffic.

    Of course, X can do this too; in fact the XRENDER extension can do Porter-Duff compositing of server-side pixmaps with an alpha channel. But if you compare RDP making full use of the Windows display model with X11 where the app developer coded it like a VGA video game and just scribbled into a frame buffer which it pushes to X for display on every update, then you're bound to think "holy shit, RDP is fast" and "holy shit, X is slow".

    --
    N4st0r, trixx0r h0bb1tz0rz! Th3y st0l3 0ur pr3c10uzz!
    1. Re:RDP uses the Windows display model by tepples · · Score: 1

      Then how is, say, Firefox for Windows so much more efficient than Firefox for X11?

  39. Cyber Warfare Domain Created by BELL LABS by Anonymous Coward · · Score: 0

    A government branch created this shite by infecting developers with the C and C++ abominations.

    What we need are memory-safe languages to squash at least 50% of these bugs: Algol, Spark Ada, Modula-2.

    Sorry to break this to you my dear Americans, but your technology is also fucked at the conceptual level !

    Kind regards

    Deutscher Informatiker.

  40. X11, JavaScript, Cyber War Domain by Anonymous Coward · · Score: 0

    Can you say "Enabling Technologies" ?

    Brought to you by a friendly Admiral with billions in his pockets. And millions of users.

  41. What A LOAD OF SCHEISSE by Anonymous Coward · · Score: 0

    You are responding in the best tradition of Corporate Bull$hit. The guy showed you some glaring examples of incorrect memory management, probably exploitable, and what do you do ? Not fixing, talking shite.

    Or do you dispute his claims ? If yes, please state this clearly instead of posting a boilerplate of generic bureaucratese.

    You know what ? Nobody needs to use Qt. There are tons of alternatives and your behaviour will be sufficient to nail Qt's coffin shut.

    1. Re:What A LOAD OF SCHEISSE by Danious · · Score: 1

      Ah, if that wasn't so funny, I wouldn't bother replying :-) Corporate? Neither I nor the security guy who discussed this are employed to work on Qt, we're from KDE and this is all in our own time. Boilerplate? Nope, in true Slashdot tradition it's just off the top of my head :-) Tons of alternatives? Name one. Even Linus has moved to Qt for its cross-platform abilities, no other toolkit comes close, and it's our demanding standards that keep people using Qt. We'll be around long after AC's like you have left.

      The guy who raised the issue was told we don't view it as a security issue, and he agreed that it only affects apps running under setuid which we don't support. We asked him to open a bug report so we could deal with it through normal processes. He didn't. If he can't even be bothered to log a bug with Qt or KDE then why should we accord him the same respect as researchers who follow protocol and work with us to resolve real issues?

    2. Re:What A LOAD OF SCHEISSE by Anonymous Coward · · Score: 0

      What about the "invalid delete[]" thing with argv-sourced pointers? Did he make it up ?

      Regarding alternatives, there are gtk, fox library, wxWidgets, the staroffice GUI lib, JuCE just to name a few.

  42. Benchmark results by tepples · · Score: 1

    How did those benchmarks go?

    Test procedure: Connect to Windows or Ubuntu server using a display protocol forwarded through SSH and open Firefox. Navigate to an intranet page, enter my name and password, navigate to a page with a calendar, and hide and show the calendar.

    Result in Firefox for Windows over RDP: Update completes in less than 200ms. Typing my username responds as fast as if it were local.

    Result in Firefox for Linux over X11: Not as painful as I had seen the last time I ran this test, but still takes about 1 second. Sometimes just typing my username lags noticeably.

    Understand what I'm writing about yet?

    No, sorry :(

  43. Recompile the toolkit by tepples · · Score: 1

    Does that mean that applications will support X IF I can compile them myself? [...] Or will any program built using a toolkit that supports both just run on either without any added difficulty?

    I see no reason for the popular toolkits (GTK+ and Qt) to discontinue support for X11 in the near future. The toolkit could make X11 support a compile-time option, but then it's a matter of recompiling the toolkit, not the applications. An X11-focused distribution is likely to keep the X11 support option turned on in the distro's counterpart to USE flags.

    I also see posts that someone has remote display working on Wayland posted on some GIT repository. But, what does one need to do to use it?

    Once Wayland makes it into an end-user distribution, I'm about 90 percent sure that someone will post a remote desktop HOWTO within the first two weeks.