Slashdot Mirror


X11/X.Org Security In Bad Shape

An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security is 'worse than it looks.' The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprundel is available for streaming."

11 of 179 comments

  1. Is X security really a problem? by Anonymous Coward · · Score: 4, Interesting

    Aren't we going to replace it with Wayland or something really soon?

  2. XWayland by tepples · · Score: 4, Informative

    Every X11 server needs a rendering target. For some X11 servers, this is a video card. For others, it is a virtual frame buffer that gets served through X11VNC or XRDP. And on machines running Wayland, the X11 server will render to the Wayland compositor. Porting an application's GUI toolkit allows the application to bypass XWayland, but not all applications will be ported to Wayland immediately, especially proprietary software no longer under mainstream support and free software without a large enough user base. But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.

  3. When will Wayland contain this essential feature? by blackpaw · · Score: 3, Funny

    Cue horde of posts demanding that Wayland must die as it can never replicate the mass security violations that X11 contains.

  4. Re:ANOTHER Phoronix post? by Anaerin · · Score: 5, Insightful

    I'm sorry. You were complaining about a news (Yes, news) story about a talk from CCC (Which is highly popular with, and immensely relevant for, nerds), posted on Phoronix (A website that devotes itself almost entirely to information, news and reviews on hardware and software from a Linux-based perspective), about a lot (120+) of security holes (Things that matter) in the X11/X.org servers (Which are the basis for (almost) all GUI-driven applications in Linux, *BSD and some of OSX).

    By my count, that makes this story "News", "For Nerds", and "Stuff that matters". Oh, and the irony in posting that Phoronix is a "Link Farm" on /. is almost entirely palpable.

  5. Broken by design by Misagon · · Score: 3, Informative

    It is not as if the way X works is particularly secure to begin with. Once an app has a connection to the X server, it has full control over the world of windows, pixmaps and events on the server, including of course all other apps.

    Not that I have any faith in Wayland or Mir being any better, its developers coming from the X world in the first place, I am sure that they will make their new shiny systems vulnerable in the same ways.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    1. Re:Broken by design by phantomfive · · Score: 4, Insightful

      Doesn't everyone use X over an ssh tunnel anyway? I haven't used a raw X connection in over a decade.....

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Broken by design by Rich0 · · Score: 4, Insightful

      Doesn't everyone use X over an ssh tunnel anyway? I haven't used a raw X connection in over a decade.....

      That doesn't help at all. He's talking about the fact that any X client can obtain information from any other X client on the same server. Tunneling the X clients through ssh doesn't help at all - it just causes the server to make all that information available over ssh.

      Granted, the last time I checked Linux makes the memory space of every process for any uid available to any other process running under the same uid (unless you're using SELinux). It is just that big unixy trust-everything-local attitude.

      Why is this sort of thing bad? Well, now not only can a browser exploit result in a script being able to sniff your keyboard traffic to other tabs in the same browser, it can also sniff your keyboard traffic to every other window on your display, regardless of where those clients are actually running. There are ways to block it, but nobody uses them as they are rather inconvenient (xterm probably still supports it though).

      However, until we close the gap of my web browser being able to read my mail directory or modify my .bashrc, I think that X11 vulnerabilities are just the tip of the iceberg.

  6. Re:Hotel 1 Bravo by jd · · Score: 5, Insightful

    Some were certainly considered but prohibited by law. Due to crypto export restrictions, it wasn't until the limits on Open Source were loosened that X was legally permitted to have any kind of meaningful security. The non-export version still had to talk to the exportable edition, after all.

    Yes, X was (and is) incredibly sloppy by today's standards and yes a lot of that was due to poor decisions in the days of X10. (Yes, boundaries are a decision. MIT could have chosen any sort of access control list system they wanted, with yet another library handling it. You could have then substituted whatever you wanted, so long as the API remained the same. Pretty much futureproof, no significant extra coding, easier to maintain than what they actually did.)

    The coding flaws - of which there were many - were often detectable by tools as ancient as lint.

    But you must also remember, X10 and X11 were never intended as products. They were reference implementations of a protocol, not finished products intended for actual use. The different vendors were always "supposed" to provide their own.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  7. Re:The process by dasunt · · Score: 4, Insightful

    This is a good thing. This is the way it is supposed to work. This is how things get better. A little late, but it is good to see this happening.

    No. I think it's time to throw X out. We'll make a new implementation, complete with everything I use (we'll plan to add stuff you want later), with all new code, because new code never has any security holes!

  8. Re:Fucking kill it already by fikx · · Score: 3, Informative

    All X11 apps "support" it...that's the beauty of X11 network functionality: apps don't HAVE to support it, it comes free.

    --
    AB HOC POSSUM VIDERE DOMUM TUUM
  9. I can provide benchmarks if you want by tepples · · Score: 3, Insightful

    Worse than X so far in my experience.

    My experience differs: RDP tunneled over SSH responds better than X11 over the same tunnel, especially with these newer X11 GUI toolkits that just push lots of pixels to the X server. And no, Windows 8 isn't involved at all; I'm using Remmina on Ubuntu to view Terminal Services on Windows Server 2003.

    I really do not think you supplied any more here than "something works so the other thing sux".

    If you need, I can perform benchmarks for you of Ubuntu viewing an application on another Ubuntu machine over X11 and Ubuntu viewing the Windows version of the same application over RDP.