X.Org Hit Hard By A Large Batch Of Security Vulnerabilities

Thread replies: 45
Thread images: 2

>Among the vulnerabilities are an unchecked malloc in client authentication leading to a potential denial of service, integer overflows, and out of bounds access due to not checking lengths/offsets in requests.
Source: http://www.phoronix.com/scan.php?page=news_item&px=MTg1ODQ

So judging from this paragraph we can see that the main reason for these vulnerabilities is not a question of bad design but because C, which is a very error prone language, was used.

C is cool for your little project, but we are humans and we make mistakes so for fuck's sake start using a language that actually helps you avoid them.

Truly yours, Anon.
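
The three bug classes named in the quoted advisory text (unchecked malloc, integer overflow, missing length/offset checks on a request) can be shown in one request handler. This is an added example, not part of the original post and not X.Org code; the request layout, `handle_request`, `rd32` and the `REQ_*` codes are hypothetical names made up for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical little-endian request, constructed for this example
 * (not the X11 wire format and not X.Org code):
 *   uint32 count   number of 8-byte items following the header
 *   uint32 offset  first item the client asks to have copied
 *   uint32 n       number of items to copy
 *   items[count]                                                  */
#define HDR_SIZE  12u
#define ITEM_SIZE 8u

enum { REQ_OK = 0, REQ_BAD_LENGTH = -1, REQ_BAD_RANGE = -2, REQ_NO_MEM = -3 };

static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy items [offset, offset + n) into a new buffer returned via *out. */
int handle_request(const unsigned char *buf, size_t buf_len,
                   unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < HDR_SIZE)
        return REQ_BAD_LENGTH;
    uint32_t count = rd32(buf), offset = rd32(buf + 4), n = rd32(buf + 8);

    /* count * ITEM_SIZE can wrap in 32 bits, so divide instead of multiply. */
    if (count > (buf_len - HDR_SIZE) / ITEM_SIZE)
        return REQ_BAD_LENGTH;
    /* offset + n can wrap too; subtract from the already validated count. */
    if (offset > count || n > count - offset)
        return REQ_BAD_RANGE;

    size_t bytes = (size_t)n * ITEM_SIZE;  /* bounded by buf_len, cannot wrap */
    unsigned char *copy = malloc(bytes ? bytes : 1);
    if (copy == NULL)                      /* allocation failure is an error, not a crash */
        return REQ_NO_MEM;
    memcpy(copy, buf + HDR_SIZE + (size_t)offset * ITEM_SIZE, bytes);
    *out = copy;
    *out_len = bytes;
    return REQ_OK;
}
```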
>>
X is old as fuck, there wasn't a realistic alternative at the time... unless you think FORTRAN is better.
>>
Ok
>>
CFAGS GETTING BTFO'D

EMBRACE THE SUCCESSOR, ALL HAIL C++, ALL HAIL SMART POINTERS!
>>
>>45546175
Well then it shouldn't even be that old because about 10 or 15 years ago it should have been rewritten from scratch.
>>
>>45546274
>that old
>should have
>rewritten
>>
You guys should know that X is a steaming pile of shit and it is the only reason linux still can't compete with windows on the desktop.
It has nothing to do with C.

You know what was written in C?
Wayland.
Wayland is the future.

>checking lengths/offsets in requests
>not a question of bad design
Please, get back to your classes schlomo.
>>
>blames C and not X for being a steaming pile of legacy shit
>>
>>45546338
>Please, get back to your classes schlomo.
>>45546385
>blames C and not X for being a steaming pile of legacy shit
C makes creating these kind of errors so fucking easy. It's simply stupid to use it anymore in the name of
>muh performance
>muh developer should know better than writing bad code because real developers don't it

Enjoy your vulnerable software faggets
>>
>>45546244
Somebody has to write C guys, not everyone can use python and C++ for everything.
Believe it or not, somewhere in the world, where all the real work gets done, memory actually matters.
>>
>>45546419
Yeah and guns make it easy to shoot people.
>inb4 libtard student agrees with me
>>
Sorry OP but C/C++ is the only valid choice for writing a graphical backend/window server.
>>
>>45546419
>>45546419
>C makes creating these kind of errors so fucking easy. It's simply stupid to use it anymore
X was written like 30 years ago and many of these bugs are from 20+ years ago. This was a time before remote exploits in software was a thing that people seriously took into consideration.

The issue here is that that 20 year old code hasn't been audited thoroughly since then. X's huge disgusting codebase is probably making auditing very difficult.
>>
>>45546083

nigger you think someone's going to write a fucking displayserver in java? you think someone's going to write a kernel in python?

get your head checked bitch cause your shit aint straight
>>
>>45546083
X was never secure. This is nothing new.
>>
X is dead. Wayland will correct all these shortcomings.
>>
>>45546569
>write a fucking displayserver in java?
No but they might in proper C++
>you think someone's going to write a kernel in python?
No but they can write it in Common Lisp
>>
>>45546560
That's the difference between MULTICS and Unix.
MULTICS was designed to be secure from the ground up.
Unix made security an afterthought and was rediscovered as a "secure" OS because compared to MS-DOS, Win 3.x, and classic MacOS, it was.
>>
>>45546569
PL/I, Ada, and Modula were around for a long time.
C is not the only systems language.
>>
>mfw there will be X.Org purists when Wayland becomes stable
>>
>>45546849
Nigga ya can't write a kernel in fucking lisp.
>>
This is why Jolla uses Wayland
>>
>>45546556
This.
I've been looking into trying to write a wayland compositor, and using anything other than C would be a nightmare.
>>
>>45547464
Soon...
>>
>>45548492
Fedora 21 with Wayland as default display server ships this weekend.
>>
>>45546790
Does it fix the problem where a user-mode process can hog 100% CPU and timeout your logins even if you use a virtual console, effectively allowing any retard's JavaScript to execute a denial of service on your own machine?
>>
>>45547464
Yes you can you uneducated peasant. Lisp machines working is the proof of that.
You can write a kernel in fucking python, in fucking lua, in fucking brainfuck, in whatever the fuck you can think of. If it's appropriate to do so is debatable.
>>
>>45549718
But what is going to allocate the resources to the python/lua/whatever interpreter?
>>
>>45549745
Do you honestly think it's impossible to interact with the hardware with any language other than C?
>>
>>45546175
>Lisp, Simula, Algol, Pascal, etc. didn't exist before C.
C is shit that should never be used.
>>
>>45551480
>Pascal
>Better than C

Go eat quiche somewhere else
>>
>>45546083
>So judging from this paragraph we can see that the main reason for these vulnerabilities is not a question of bad design but because C, which is a very error prone language, was used.

Doesn't matter, xorg is still fucking shit and needs to die already.
>>
>>45546453
>C++
>Memory not mattering

You what mate?
>>
So let me see if I got this down.

Wayland, a way for graphics using application to communicate with the kernel/hardware, makes X redundant, and once I run a window manager that is a wayland compositor, I can ditch X, because wayland includes xwayland?

How right and how fucked was that?
>>
>>45551564
>C++
>Even having the ability to manage memory

new is not memory management.
>>
>>45547106

They already exist.

>muh network transparency
>muh separation of window manager and compositor
>>
>>45551627

Are you literally retarded? You can manage memory in the exact same way you do in C if you want. Christ you're dumb.
>>
>>45551603

Pretty much spot on. It's worth noting that you'll almost invariably be still running apps that aren't Wayland-native, and thus will require Xwayland, which means you're not "fully" ditching X. X won't become redundant anytime soon.

http://wayland.freedesktop.org/xserver.html
>>
>Hey guys, C# is open source now, let's build everything in C#!
>>
>>45551672
Can xwayland be made faster and/or more secure than running full xorg?
>>
>Cfags don't understand that operating systems also need assembly language in order to actually work.
>They probably think some operating systems are written entirely in C.
>They also think you can't do everything aside from that small amount of assembly in Lisp, as has already been done.
>>
>>45551744

I have literally never heard anyone say any of that. You're just making shit up.
>>
>>45551761
Which part?
>>
>>45546083

>C IS MAINSTREAM THEREFORE C IS BAD K? LET'S MAKE 40 THREADS A DAY ABOUT THIS K?
>>
>>45551692

I don't know about faster, but Xwayland clients are still going to be able to snoop on other Xwayland clients. But the X server won't be running as root so there's that.