Topic: X.org security problem?

Forgive me if this isn't the right forum for this, and a moderator is certainly welcome to move it if need be, but we were discussing this in #scale on OFTC this afternoon. Apparently there's a security glitch in X.org X server that affects version 1.11.

http://www.phoronix.com/scan.php?page=n … px=MTA0NTA

Now . . . as far as I can tell, I think the latest Statler has X.org X server version 1.10.4 -- at least that's what mine has. Is 1.10.4 the latest version that comes with Statler, or am I behind?

Last edited by lcafiero (2012-01-24 01:09:35)

Res publica non dominetur

Re: X.org security problem?

Does anyone else think the ability of someone to bypass the screensaver screen lock is less than "An Easy But Serious Screensaver Security Problem In X.Org"?? Really -- if this is the kind of security problem we're worried about... I don't even use the screensaver.

After locking the screen of the Debian desktop, it was simply a matter of pressing the CTRL+ALT+Keypad-Multiply combination and you're back at the desktop without inputting any password.

"simply a matter of pressing the CTRL+ALT+Keypad-Multiply combination" wow, that's a serious security hole...

Last edited by 2ManyDogs (2012-01-24 01:19:38)

Re: X.org security problem?

Well, I don't use the screensaver either. But some do. I'm just bringing it up for those who might want to know about these things -- from both a development and a security standpoint (if there is a concern on the latter).

Res publica non dominetur

Re: X.org security problem?

Sorry -- I just felt the need to rant a little. I've seen this before and your post just set me off. Never mind. hmm

Last edited by 2ManyDogs (2012-01-24 01:30:26)

Re: X.org security problem?

Rant away, and I didn't mean to imply this was a huge emergency (and I don't think I did). And I agree -- this SHOULD be the biggest security problem that comes up in X.org X server 11.1.

But just typing a key combo that works across the board on all distros using X.org X server 11.1, except #! it appears, could be a problem for some.

Last edited by lcafiero (2012-01-24 01:41:06)

Res publica non dominetur

Re: X.org security problem?

It is not a problem under Statler as it uses an older xserver, as far as I know. I am on Debian Sid and the security hole is solved now. Look at my post here: http://crunchbanglinux.org/forums/post/181313/#p181313.

Re: X.org security problem?

Ah, so you did, ivanovnegro -- thanks for that and sorry for reposting.

Res publica non dominetur

Re: X.org security problem?

^ No problem. I can understand your concerns. I think it was a big security hole, and I don't use the screensaver either.