Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (www.phoronix.com)

submitted 2 days ago by mox@lemmy.sdf.org to c/linux@lemmy.world

13 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[+] d_k_bo@feddit.org -6 points 2 days ago

By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

Maybe we should stop writing security critical software in memory unsafe languages. I now this vulnerability was introduced a long time ago, but given that major Wayland compositors are still written in C, something like this isn't too unlikely to happen again.

[-] superkret@feddit.org 21 points 2 days ago

Let's re-write all currently existing software in Rust, then there will be no more security holes, and every computer will be safe forever.

[-] leo85811nardo@lemmy.world 12 points 2 days ago

Wait till bro find out the program written in the "memory safe language" depends on many libraries written in C

[-] 2xsaiko@discuss.tchncs.de 1 points 2 days ago

Everyone knows. There’s nothing to “find out”.

[-] possiblylinux127@lemmy.zip 7 points 2 days ago

The problem is a huge codebase that no one understands.

[-] woelkchen@lemmy.world 4 points 2 days ago

major Wayland compositors are still written in C

KWin is written in C++ but yes, it's not a "safe" language.

something like this isn’t too unlikely to happen again.

With at least three mainstream implementations – KWin, Mutter, and wlroots – it's highly unlikely that all would ever be equally affected by one bug.

this post was submitted on 29 Oct 2024

92 points (100.0% liked)

Linux

8028 readers

18 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.

founded 1 year ago

MODERATORS

MigratingtoLemmy@lemmy.world