• Mwa
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    3 hours ago

    Considering x windowing system (the original x11) has not been updated since 2012 it makes sense (but xorg popular x11 Implementation was last updated in April 2024)

  • mvirts@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    14 hours ago

    Lol not even reading it because I’ve always assumed that if there’s an RCE on desktop it will inevitably lead to full system compromise.

    😅

    It’s trust all the way down.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    5
    ·
    17 hours ago

    Is this news worthy? X is the classic example of how a code base becomes completely unmanageable

    • Mwa
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 hours ago

      Yeah the original x11 (x windowing system) has not been updated since 2012 (xorg in April 2024) it makes sense

  • exu@feditown.com
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    18 hours ago

    I know Phoronix comments, but what’s up with the Linux Mint hate?

  • d_k_bo@feddit.org
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    12
    ·
    17 hours ago

    By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

    Maybe we should stop writing security critical software in memory unsafe languages. I now this vulnerability was introduced a long time ago, but given that major Wayland compositors are still written in C, something like this isn’t too unlikely to happen again.

    • superkret@feddit.org
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      1
      ·
      17 hours ago

      Let’s re-write all currently existing software in Rust, then there will be no more security holes, and every computer will be safe forever.

    • leo85811nardo@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      3
      ·
      16 hours ago

      Wait till bro find out the program written in the “memory safe language” depends on many libraries written in C

    • woelkchen@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      17 hours ago

      major Wayland compositors are still written in C

      KWin is written in C++ but yes, it’s not a “safe” language.

      something like this isn’t too unlikely to happen again.

      With at least three mainstream implementations – KWin, Mutter, and wlroots – it’s highly unlikely that all would ever be equally affected by one bug.