this post was submitted on 29 Oct 2024
95 points (100.0% liked)

Linux

[–] [email protected] 27 points 2 weeks ago

I love the link thumbnail!

[–] [email protected] 13 points 2 weeks ago (1 children)

Is this newsworthy? X is the classic example of how a code base becomes completely unmanageable.

[–] [email protected] 1 points 2 weeks ago

Yeah, the original X11 (X windowing system) has not been updated since 2012 (Xorg in April 2024), so it makes sense.

[–] [email protected] 12 points 2 weeks ago

Lol not even reading it because I've always assumed that if there's an RCE on desktop it will inevitably lead to full system compromise.

😅

It's trust all the way down.

[–] [email protected] 4 points 2 weeks ago* (last edited 2 weeks ago)

Considering the X windowing system (the original X11) has not been updated since 2012, it makes sense (but Xorg, the popular X11 implementation, was last updated in April 2024).

[–] [email protected] 3 points 2 weeks ago (1 children)

I know Phoronix comments, but what's up with the Linux Mint hate?

[–] [email protected] 7 points 2 weeks ago

Tbf, there's 1 Mint comment and 1 reply to that comment.

[–] [email protected] -5 points 2 weeks ago (4 children)

By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

Maybe we should stop writing security-critical software in memory-unsafe languages. I know this vulnerability was introduced a long time ago, but given that major Wayland compositors are still written in C, something like this isn't too unlikely to happen again.

[–] [email protected] 21 points 2 weeks ago

Let's re-write all currently existing software in Rust, then there will be no more security holes, and every computer will be safe forever.

[–] [email protected] 12 points 2 weeks ago (1 children)

Wait till bro finds out the program written in the "memory safe language" depends on many libraries written in C.

[–] [email protected] 1 points 2 weeks ago

Everyone knows. There’s nothing to “find out”.

[–] [email protected] 8 points 2 weeks ago

The problem is a huge codebase that no one understands.

[–] [email protected] 4 points 2 weeks ago

major Wayland compositors are still written in C

KWin is written in C++ but yes, it's not a "safe" language.

something like this isn’t too unlikely to happen again.

With at least three mainstream implementations – KWin, Mutter, and wlroots – it's highly unlikely that all would ever be equally affected by one bug.