I feel this is an important detail to keep in mind while choosing a fork.
And it's not like metux will suddenly become more careful just because he does not have to worry about other anymore. If anything, I expect there to be much faster changes and much more breaking things... Here is a great quote [0]
> @metux that you've had to fix this bug twice (!1844 (merged), !1845 (merged)) shows a lack of attention and care. This was a known regression, with clear reproduction steps, and at first glance, it does not look like you tested your PR at all.
> And that goes in general; I really haven't seen the level of care and attention I would expect to see in these patches; several of them had obvious buffer overflow issues that would have easily been caught if tested.
[0] https://gitlab.freedesktop.org/xorg/xserver/-/issues/1797#no...
https://github.com/X11Libre/xserver/blob/master/HISTORY.md
Doesn't mention "woke" but the style is reminiscent to me from grandiosity/paranoia issues
These are both phrases used by people who are anti-woke (I guess asleep would be the proper term).
And they’d rather spend their energy on giving you a compelling reason to switch, rather than using it to add to the reasons for staying on a project they now consider obsolete.
You may disagree with their assessment, but you can’t blame them for how they decide to prioritize.
They certainly say that to people a lot. Oftentimes the person saying it is young enough that I wonder how much time they spent working on X.
So I doubt age is the deciding factor ;)
Fil-C exhibits the lowest overhead in code that spends its time on primitive bits.
Fil-C exhibits the highest overhead in code that chases pointers.
I'm assuming X is the former. Weston seems to be.
_Strictly_ speaking X11 is only there because, after all those years, Wayland still does not meet expectations.
If it was the other way around, would an open source or whatever project have been able to take Twitter.org?
rwmj•3mo ago
jeroenhd•3mo ago
X11's practical absence of any security mechanisms for user sessions means you should probably not run any kind of low-trust UI program anyway, as there is no prevention of keystroke injection or screen recording, but that's a design flaw that will never be solved. That doesn't mean that EoP style attacks like these should be ignored or underestimated, though.
mrktf•3mo ago
And going to rabbit hole there are even proof of concept security implementation named Xnamespace for Xorg fork (needs polishing and much more patches but looks doable. see wip documentation: https://raw.githubusercontent.com/X11Libre/xserver/d2b60a3d6... )
lotharcable•3mo ago
embedding-shape•3mo ago
lotharcable•3mo ago
The deal here is that the only way to fix X11's security issues is by breaking all those types of workflows and forcing application rewrites to implement them in authenticated ways.
So if you are going have to go and break all that stuff, why not fix a crapload of other problems while you are at it?
Calling Wayland "X13" may have avoided a lot of misunderstandings, but it probably would of caused others.
embedding-shape•3mo ago
Maybe it's both? There are applications with good reason that need to chose their location themselves, and users who want that type of behavior, so it's definitively not just a security issue.
accelbred•3mo ago
embedding-shape•3mo ago
Maybe, just maybe, some people know what they want, and if they want applications that can put themselves in specific corners, why shouldn't the desktop let the applications do that, if the user is OK with it?
immibis•3mo ago
mikkupikku•3mo ago
justin66•3mo ago
Hey come on man, a locking screen saver is a totally niche application. No demand for that.
mikkupikku•3mo ago
udev4096•3mo ago
justin66•3mo ago
https://www.jwz.org/blog/2025/07/xscreensaver-wayland-and-lo...
justin66•3mo ago
ethin•3mo ago
justin66•3mo ago
josefx•3mo ago
justin66•3mo ago
jonway•3mo ago
justin66•3mo ago
ethin•3mo ago
array_key_first•3mo ago
Which, well, we do. Practically all the X usecases are covered on Wayland systems now. Screen sharing, screen clipping, global hotkeys, file pickers, getting the window title like you said... I can do all of that on KDE, right now, under Wayland.
mikkupikku•3mo ago
tuna74•3mo ago
rcxdude•3mo ago
ethin•3mo ago
The proper thing Wayland should've done is waited until Wayland had reached feature parity with X, then released it to the world and started acting like it's the future.
gf000•3mo ago
> The proper thing Wayland should've done is waited until Wayland had reached feature parity with X
How on Earth would you expect a fundamental protocol to be developed behind closed doors?! Wtf even.
ethin•3mo ago
Yeah but again this fragments the ecosystem massively. If people really wanted flexibility they could've just made it a configure option or something equivalent?
> How on Earth would you expect a fundamental protocol to be developed behind closed doors?! Wtf even.
Your making a pretty big assumption here, aren't you? I never said it had to be developed behind closed doors. It's the "lets just obsolete X11 even though Wayland can't even replicate a quarter of it's functionality right now now now because of security security security" that irritates me. If they had worked on Wayland and obsoleted it once they had reached feature parity, that would be releasing it to the world. Then they would've had far less friction and the transition would've been a lot smoother. Would it have delayed Wayland by maybe a decade? Sure, but I see little issue with that. IMO that probably would've made Wayland even better.
gf000•3mo ago
kasabali•3mo ago
1. Claiming XFree86 evil
2. Forking it as X.org
3. Shortly after all distros finished switching to X.org, declaring it obsolete and announcing wayland
4. stopping any major development on X.org immediately even though it's was the one and only option at the time
5. and channeling all development resources (not only on the display server, but also downstream users like toolkits, DEs etc.) to rewrite their code for a protocol that wasn't even gonna be usable until a 10+ years later
6. Depraving Linux desktop users from 10-15 years of improvements and making Linux graphis stack stuck in 2000s
wasn't hijacking the Linux graphic stack?
I mean had Steve Balmer wanted to sabotage Linux in desktop he couldn't do better
tuna74•3mo ago
kmeisthax•3mo ago
The main mistake FD.o made is that they didn't get consensus on a "Desktop Profile" extension, so all the DEs wound up implementing their own thing. This is still fixable, just very annoying until we have agreement on this shit. I think that's what you meant by "feature parity with X".
[0] Currently, every desktop VR setup has to have two layers of compositors. VR applications have to communicate with a special VR compositor that then draws normal desktop windows with the contents of what should be hitting each eye of the VR display, all so it can pretend to be two normal displays.
ethin•3mo ago
somat•3mo ago
An antidote on non desktop use of X: the other day I wanted to show a program on my phone, there are many good ways to do this, but I picked none of them. Instead I had just installed a terminal on the phone and noticed they had an X11 package, So A few minutes later I was the proud owner of an X server on a phone. And you know what... It was pretty great. My gaming system load and temps dashboard were displaying just fine.
Despite using X for many, many years, I had never just sat down and played with a bare X server, I had only dealt with it through the lens of a locked down, encumbered desktop system. It was like having a network attached monitor. From whatever system I was using as a desktop system I could just go "display this on that monitor", in this case a phone. Based on that experience I put a raspberry pi on my TV running a bare unprotected X server because having a network attached monitor rocks.
yjftsjthsd-h•3mo ago
It's not inherent. If I change to another X DE, I can keep all my other programs and the features they implement.
dev_hugepages•3mo ago
LtWorf•3mo ago
ethin•3mo ago
lelanthran•3mo ago
Are you sure? I looked at that earlier this year for a personal tool I wanted to create and found no way to do it on Wayland (On X, I did it just fine).
I had a long back and forth about this very thing with both Claude and ChatGPT, and neither conversation was fruitful: every option had some dependency (like switching to KDE, or similar).
tuna74•3mo ago
kasabali•3mo ago
X.org developers, not X11 developers.
uecker•3mo ago
¹. I used to use this and also fixed some bugs in some programs. The main problem when I last checked a decade ag was that some important extensions such as composite would need to be exposed to untrusted clients.
rich66man•3mo ago
Who exactly should and can control the horde of OSS developers?
DarkmSparks•3mo ago
Jasper_•3mo ago
The Wayland keylogger acts like an application; all Wayland compositors will only send key events to the focused surface, so the user has to focus an active surface in order to get key events. Even in the scenario where you've LD_PRELOAD-hooked all applications, you still will never get the lock screen password, as the compositor never sends it out across the wire.
LD_PRELOAD is problematic from a security perspective, but it's not Wayland-specific: the same issue is true for CLI applications and X11 applications, and any attacker with the ability to write files could also just replace your binaries with malicious ones (stuff them somewhere into ~/.hidden, and then add a $PATH entry to the start).
uecker•3mo ago
froh•3mo ago
I wonder how this debate was mainstream? did some gamers try to squeeze 3 extra percent by taking the protocol out of local stacks? there must have been better ways to do that, without throwing out all X11 benefits?
to this day I'm annoyed I can't have a decent window manager integration on gWSL because the compositor doesn't implement the full window manager protocol.
uecker•3mo ago
ElectroBuffoon•3mo ago
Control upstream, then companies wanting solutions will go to you first. Because why go to someone else in the FOSS market, when there is no certainty the code or standard (extension, protocol, etc) will get accepted, forcing you to maintain a fork? With IBM-RH and Ubuntu doings eg., it's hard to say FOSS is immune to vendor lock-in.
throwaway7486•3mo ago
Wayland is open source with a fixed core protocol that's extremely stable, which anyone can build on. New protocols are constantly proposed. The core is minimal and defines how applications interact with the compositor to render and produce the final output. Control by a single entity is virtually impossible. Wayland ensures everyone has a voice because it's an open protocol which means discussion and development are done in the public.
froh•3mo ago
specifically the wslg stack does not enable Linux gui apps to smoothly integrate with the Windows window manager, because some bits are missing in the Windows Wayland stack, clipboard, window decorations, thumbnails, maximize into a part of the monitor? nope. and no patches taken. supposed you figure where to offer them and how.
throwaway7486•3mo ago
froh•3mo ago
throwaway7486•3mo ago
This is incorrect. Kristian Høgsberg has explicitly stated that a primary motivation for Wayland is the reduced need for a central X server, as many programs already bypass it.
uecker•3mo ago
throwaway7486•3mo ago
Wayland is an evolution of the previous design. X11's architecture had clients sending drawing commands to the X server, a method that became limited and required extensions over time. Wayland's approach is: applications perform their own rendering into their own separate buffers, then tell the compositor when they are ready. The compositor takes those buffers to produce the final image.
Because those buffers are separate, enhanced security is a direct side effect. Wayland is the result of decades of experience and represents the current way of doing things.
uecker•3mo ago
throwaway7489•3mo ago
I'm aware that extensions exist now, like present, which make it possible to send buffers, similar to how Wayland operates, so you don't have to do things the primitive way.
However, to claim to speak the X protocol, you still need to support the older functionality, that's what I mean by a tremendous amount of functionality to support. The moment you get rid of that old functionality, you've essentially created a new protocol, which is what Wayland is.
How is that point nonsense? I don't want to see X go, but I don't think it's reasonable to prevent progress.
gnabgib•3mo ago
throwaway7489•3mo ago
uecker•3mo ago
throwaway7489•3mo ago
Wayland doesn't break anything, it's a completely new protocol. Claiming Wayland breaks your use case is like saying systemd broke old init scripts. It did because it's a different system.
Wayland isn't trying to be Xorg 2. It's a protocol. At its core it's only a compositor protocol. Everything built on top is up to the implementation developers.
froh•3mo ago
and that's exactly creating the problem: Window management for example is left as an excercise to the reader. thus (my point above) the WSLg interop for graphcial applications _sucks_ compared to where X Servers already were. and if MS doesn't implement what's needed, it won't come. no way to fix it in the Linux or on the Windows side. the MS Wayland thingie in between tightly controls what is possible.
uecker•3mo ago
throwaway7489•3mo ago
uecker•3mo ago
throwaway7489•3mo ago
uecker•3mo ago
throwaway7489•3mo ago
uecker•3mo ago
jeroenhd•3mo ago
Xnamespaces looks to be more promising, but as far as I can tell that's still a WIP with little documentation, and from the documentation I can find it looks like it still breaks things like clipboard functionality.
1718627440•3mo ago
bmacho•3mo ago
Permission system? X11 with a permission system is the next logical step for Unix graphics. There is absolutely no need to break 40 years of graphic software, or throw away 40 years of accumulated features.
1718627440•3mo ago
mikkupikku•3mo ago
_flux•3mo ago
asveikau•3mo ago
Note you have multiple virtual consoles which can have independent X servers.
_flux•3mo ago
Good point about display manager though, I suppose it's not using Xorg then as I do know there is a login screen waiting at vt1 but that's the only Xorg process. Maybe the gdm3 incorporates a Wayland implementation in Debian 13.
josefx•3mo ago
0xbadcafebee•3mo ago
Any program you run on a computer (especially a Linux computer, which lacks modern OS security measures and has constant privesc kernel holes) exposes you to security flaws. There has yet to be any computer system designed that a hacker can't break out of. If you intentionally download and execute a program, you are rolling the dice, regardless of what the software is.
What's insane about all these discussions is that NOBODY IS HACKING X SERVERS. There's a thousand other kinds of software on Linux that there is real malware for. But nobody is trying to hijack your X11 session. This imagined threat is a red herring designed to bolster the argument for Wayland's horrible designs.
tapoxi•3mo ago
Wayland doesn't need X11's vulnerability as its only argument, Wayland is a much simpler design that is easier to iterate on because it doesn't assume the client and server are on different machines. The fact that it moves privileged APIs like screen capture behind portals is a bonus.
kelnos•3mo ago
phkahler•3mo ago
It depends what features you care about. X11 doesn't have tear-free video playback, HDR, or as good a security model as Wayland.
mikkupikku•3mo ago
marmight•3mo ago
phkahler•3mo ago
Right, and that abandons the whole X drawing API in favor of passing around client drawn bitmaps. That was one of the big points of Wayland too - X has a whole bunch of stuff that no modern apps use anyway so lets throw it out and build up a better version of the capabilities we need.
If we abandon the X drawing API and half an OS included (memory management) and use KMS, all that's left is the features that are security holes.
toast0•3mo ago
HDR would fit in the X11 model of many bit depths, however the specifics don't really; afaik, X11 has a maximum bitdepth of 32 for pixel values, which means either limiting to 2-bits of alpha channel or using palettes (I think I saw that indexed colors can be defined with 16-bits per channel). An extension might be possible (with everything that brings), but I think the ship has sailed.
I agree that Wayland's security model prevents some undesirable interactions that X11 allows, but it also prevents or makes difficult some desirable interactions, so it's a mixed bag.
Imustaskforhelp•3mo ago
That is so true, I wanted to have a typing sound from my pc everytime I typed on wayland and I looked at LITERALLY every single solution and none of them worked... simply because of the security model of wayland (so things like Mechvibes and alternatives don't work generally speaking)
On one hand, its a good thing to prevent things like password injection etc. but on the other, really?
I got frustrated and I created a lot of github issues on every such project if they said that they are working on wayland and I didn't care if it meant running it as sudo, I just asked them kindly if there was a way or not/ what's the issue here
There are still times where I get a lot of notifications simply because someone commented on those issues
So naturally a lot of people are/were frustrated about it. Not sure if its a good thing or not, but I 100% agree about this comment of yours
Another big issue imo to me feels like ssh, X servers ssh forwarding/vnc just works, Yet I haven't really found ways to do things like VNC on wayland on a server or something as easy (or even possible?) on wayland as compared to x servers, Please let me know if there are apps which do this though, I know about weston but I haven't found ways to work with it/make it work (maybe my skill issue)
Are there any solutions to these things though? Fundamentally that mechvibes things requires an app to view the key from every other application and make a sound, Nothing stops it from being a key-logger as well if it had that capability and Wayland was created with a better security model but as you say and I experienced, that security model comes up with its own compromises and I am not sure if that's a good thing or bad thing....
toast0•3mo ago
Waypipe is supposed to help replace things like remote X. I'd be surprised if there's no vnc server that offers a wayland desktop... that would be a big missed opportunity.
For your noisemaker, I think you might have a better time integrating at another level. Either intercept the inputs before the display server gets them, or integrate into the display server itself. X was more flexible, but as long as it's just typing -> noise, you don't need it to have the same architecture as it did in X.
[1] Wayland has no compelling features for me, and X remains viable for me as well. At some point, hardware support might be compelling, or IMHO, something will come to replace Wayland and X that is compelling.
yjftsjthsd-h•3mo ago
Yes, this should be workable, assuming your compositor is compatible (a meaningful caveat, but not insurmountable):
* To forward one application like `ssh -X`, you want waypipe
* For VNC, it really depends on your compositor, but wayvnc works for many of them. (And GNOME does their own thing and I think KDE has their own official option)
prmoustache•3mo ago
waypipe just works too. That replaces any reason to do SSH forwarding.
Also some desktop like Gnome (maybe KDE has similar feature?) offer remote desktop. In Gnome's case it is using RDP protocol instead of VNC.
throwaway7486•3mo ago
Waypipe[0] for native Wayland applications, and if you need to forward X11 apps there's xwayland-satellite[1].
You can hook xwayland-satellite with Waypipe and forward X11 apps through Waypipe. This way you get even better performance than with traditional X11 forwarding methods.
The other day I was playing Steam/Proton games through the network this way.
Of course, X11 forwarding also works fine on Wayland with ssh -X, but as I said, consider Waypipe + xwayland-satellite.
[0] - https://gitlab.freedesktop.org/mstoeckl/waypipe/
[1] - https://github.com/Supreeeme/xwayland-satellite
jitl•3mo ago
imtringued•3mo ago
jonway•3mo ago
uyzstvqs•3mo ago
mx7zysuj4xew•3mo ago
vacuity•3mo ago
On a separate note, I think it's probably true that Wayland has significant drawbacks that preclude it from being an obvious replacement.
LtWorf•3mo ago
Everybody is pushing it and trying to convince the people who have problems with it that it's completely fine and their problems aren't important (like blind people being completely unable to use the computer).
At some point the pipewire of display will come along and we'll all forget wayland was ever a proposed solution.
krupan•3mo ago
dTal•3mo ago
Pulseaudio is both a protocol and also an implementation of that protocol. Pipewire also implements the pulseaudio protocol, hence its compatibility with all existing software.
Wayland is a protocol only. Every compositor - and there are many - implements it "from scratch". The "pipewire of display" would simply be yet another Wayland compositor. No one is going to solve the problems of Wayland in one fell swoop by releasing another Wayland compositor. What is actually happening is that problems are being gradually solved by the introduction of protocol extensions, which usually get adopted by other compositors after achieving success in one.
zdragnar•3mo ago
I knew someone who worked for a small loan type company. Passwords were stored in plain text, but even worse, the login form didn't actually check the password at all, it created valid sessions as long as you provided a valid user name.
When he informed his boss that was very bad, his boss simply said that nobody has abused it, and nobody would, don't waste time changing it.
The point, of course, is why would you wait until people are getting hacked to address a known vulnerability?
Sure, there are others, and they should be closed too, and they are when they are found. It makes no sense whatsoever to leave one open just because.
portaouflop•3mo ago
No idea of course if the threat model that said boss had in mind made sense. But I always recommend to come up with a reasonable threat model first and then think you can harden against it.
nurettin•3mo ago
kragen•3mo ago
LtWorf•3mo ago
kragen•3mo ago
LtWorf•3mo ago
kragen•3mo ago
LtWorf•3mo ago
kragen•3mo ago
0xbadcafebee said, "Why do people keep persisting this myth? X11 has authentication. ... What's insane about all these discussions is that NOBODY IS HACKING X SERVERS. There's a thousand other kinds of software on Linux that there is real malware for. But nobody is trying to hijack your X11 session. This imagined threat is a red herring ..." and then nurettin followed up by saying, "x11 has been around for decades, and these things just don't happen. And the reason is that there are much simpler and more effective ways to pwn a box than trying to screenshot an x session or trying to hook for key presses."
But in fact I have seen people gaining elevated privileges by "hijacking" X servers when the authentication was configured to be lax, and I've sometimes configured my own authentication to be lax (because configuring it properly was a hassle), so I know it's not an "imagined threat" from "NOBODY" or a "myth" or things that "just don't happen" because "nobody is trying" them.
But it's not a "bug" either. It's a design tradeoff. X just wasn't designed to provide a security boundary between applications, to encrypt its network traffic, or by default to use any authentication at all other than host-based authentication. Even MIT-MAGIC-COOKIE-1 auth was an add-on, and it is sent in the clear, permitting replay attacks. These are defensible tradeoffs, and ssh -X and the current xauth defaults improve the situation significantly, but Wayland's design provides a lot more isolation between applications by default, which is probably a more defensible tradeoff.
nurettin•3mo ago
kragen•3mo ago
anthk•3mo ago
~/.profile
~/.env
~/.xprofile
Exploiting TMPDIR, /tmp race conditions, ~/.mailcap and mutt (I used that to get access to 'premium' binaries under restricted accounts).
If you have Emacs you can do tons of stuff from a single account.
And so on.
nurettin•3mo ago
41throw-it•3mo ago
I agree in a little way to what you say, but if you can write .xprofile you can with no work escalate from the x socket.
41throw-it•3mo ago
I have seen this happen as well. A memory corruption vulnerability in popular software allows unpriv shellcode to reach out and drop a rootkit which loads a rat as a kernel module. Attacker has control. Several big problems.
cobaltstrike beacons blocked. Instead pierce nat with STUN to attacker proxy. Use socket activated VNC/RDP/X.
Why not just steal the sessions and local data? Remote services log access (ip, time, location), easily correlate and forensics would lead back. Local data encrypted at rest, hands on keyboard needed any way since recon incomplete. Are they planning to scan memory for ssh key unlocks or intercept ssh -sk key? This is big, noisy and take developer time. If you log in to a email this leave forensics and is a CFAA violation while risking FAANG security. Attacker needs to shoulder surf.
Most hack is install crypto mining or steal a password. Maybe it is ransom. How do you get 2fa code if you want access to sensitive information? How do you steal hardware keys? You can back door browser, MitB but it gets updated away and you lose access. back door anything and lose access or discovered.
This is not a advanced attacks but it is targeted attacks. People are saying x server never get hacked, but computers get hacked. with X11 the chain is Exploit -> Game over. with wayland you need to go farther.
Suzuran•3mo ago
themafia•3mo ago
Do you have some other way of _reliably_ identifying vulnerabilities?
> It makes no sense whatsoever to leave one open just because.
It makes sense to have security options. If I want to leave it fully unlocked, that's my business, and I possibly have good environmental reasons to do this.
What you should really care about are security _defaults_. And in X11's case I'm not aware of any distribution that ships the server with TCP connections to the sever enabled. You have to go well out of your way to even begin using this functionality.
zahlman•3mo ago
This is irrelevant given that we are talking about known vulnerabilities.
No, you can't reliably find all the vulnerabilities by auditing the code.
Yes, if you audit the code and believe you have found a vulnerability, you fairly reliably are correct in your belief. And should probably take action even if you aren't.
themafia•3mo ago
In a context which does not involve them. I simply ignored the subtle goalpost shift and addressed the core issue of the article.
> And should probably take action even if you aren't.
Where they action could include "disabling as a default option." Yes?
da_chicken•3mo ago
Many distros, if not most distros, disable port 6000+ listening for X.org by default. So, immediately, it's not a remote exploit. OK, so it's scope is already limited to local escalation attacks. Looking at the CVE, the only reason it's high is because (a) X.org is everywhere, (b) you don't need to interact with [another] user to exploit it, and (c) it's not particularly complex to exploit.
That is bad, but it's also behind most of the other security, rather than bypassing essentially all of it like Heartbleed or Shellshock.
So, either I have to have X forwarding turned back on, or have people with SSH access to a server that is also running X. Both of those seem like uncommon situations. You probably shouldn't be running X or permitting X to be started unless you need X forwarding, and X forwarding is a pretty odd requirement given modern application design being so web-browser-focused.
So it might be CVE High 7+ if you're on a system where it's possible to exploit it. But it feels like you shouldn't often be on a system configured in a way where it could be exploited in spite of the prevalence of X.
Essentially: This isn't a rehash of the libXfont problem.
0xbadcafebee•3mo ago
It's the equivalent of HTTP Digest authentication, and nobody's demanding that we rewrite HTTP because Digest authentication. It's in plaintext, so you shouldn't use it; but if a hacker doesn't know the secret, they can't get in.
hirako2000•3mo ago
I distinguish vulnerability from weak. The weakness is not necessarily intended, but the question is, does it do what it is supposed to do. Or is there a known bug: non intended possible exploit, that would make it a vulnerability.
If it isn't known then it doesn't exist. But we can assume all software do have bugs.
Digest is part of the http protocol, if the protocol is found to have vulnerability I can imagine it would be dropped and be rewritten. The digest part, not the entire http protocol.
A hacker may not have the password, but manages to brute forces it. Is that a digest vulnerability or does it fall onto the application to integrate some preventing brute force authentication measures?
My take is digest doesn't pretend to prevent brute force attacks.
Some may not agree with that logic, but since about everything is made of a combination of vectors, and that each typically has some weakness, all you get is a balance between usability, cost, and security.
We can make the case for your typical cryptographic signature, or encryption algorithm. ECDSA standing as well respected, solid cipher. Is it vulnerable? It is vulnerable to the potential power of machines we may build in times to come. Quantum or leaps ahead. Will it be vulnerable then? Yes but it isn't a vulnerability. We would then call ECDSA obsolete.
Digest is obsolete yes.
The interesting part about cryptographic methods is that we may know of some being obsolete ahead of time. So long as we can determine they can be brute forced. For now it isn't obsolete despite the existence of quantum resistant alternatives. Hacker news uses ECDSA for the exchange of keys between server and client, then encrypts all connections using another algorithm safe against quantum computers. Thanks. But beyond that, probably not.
Is X obsolete? Vulnerable? Seems like X developers themselves admit it is a vulnerability. They didn't know of the possible exploit. As to the severity? It's often subjective from my experience.
Happy to be wrong, and we don't have to agree.
da_chicken•3mo ago
This feels like you're not understanding why something is called a vulnerability, how they're defined, or why they get rated the way they do. "It's not vulnerable in a best practice configuration," is not the same thing as, "there is no vulnerability." That is incorrect and misleading, and I think you're conflating risk and severity.
The definition used for a vulnerability is [0]: "A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability." (emphasis mine)
The CVSS score is not a measure of risk. It is a measure based on the qualities of the defect that was identified and how widespread the software is. A higher CVSS score is associated with higher risk, but your risk is going to vary based on your configuration.
All they did was go to the calculator[1], plug in the answers that best fit the definitions provided for what those areas and responses mean (e.g., CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H for CVE-2025-62229), and they get that 7.3 score [2].
[0]: https://nvd.nist.gov/vuln
[1]: https://www.first.org/cvss/calculator/3-1
[2]: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L...
immibis•3mo ago
jonway•3mo ago
X11 is a mountain of tech debt that almost nobody wants to maintain.
theodric•3mo ago
jonway•3mo ago
theodric•3mo ago
immibis•3mo ago
jchw•3mo ago
Any program you incidentally run within a typical graphical user session will have access to the X socket and a cookie, they will be able to connect. And after they connect... They basically just can do anything they want with zero real restrictions, including most likely some fairly trivial paths to root escalation. Even if they're running inside of a sandbox or container, with only an X11 socket poking through.
This problem was realized a very long time ago with the security extension but most of it never really caught on.
> Any program you run on a computer (especially a Linux computer, which lacks modern OS security measures and has constant privesc kernel holes) exposes you to security flaws. There has yet to be any computer system designed that a hacker can't break out of. If you intentionally download and execute a program, you are rolling the dice, regardless of what the software is.
If you believe this is true, then what exactly is the point of any security measure? Why bother using isolation and sandboxing, or passwords? Why does Windows bother patching flaws if they know there are certainly more of them and they will never fix them?
Do you by chance also smoke because you're going to die anyways?
> What's insane about all these discussions is that NOBODY IS HACKING X SERVERS. There's a thousand other kinds of software on Linux that there is real malware for. But nobody is trying to hijack your X11 session. This imagined threat is a red herring designed to bolster the argument for Wayland's horrible designs.
Lol. That's primarily because the Linux desktop is utterly irrelevant, not because nobody would care to do it. Is it really surprising that attacks against desktop computers would focus almost entirely on the OS that has 90+% of the market share? We don't get free software OS desktop malware for the same reason we don't get free software OS software ports.
Watching and waiting with security was a totally acceptable position in the 90s, but we get the general gist these days. We need security-by-design.
On the server side of Linux where Linux is relevant, the situation is much more impressive; auditing using eBPF, sandboxing with gVisor, microVMs with Firecracker and cloud-hypervisor, isolation using namespaces and seccomp-bpf and more.
On the desktop side, people are still arguing over whether or not it's a problem that any X client can by default silently keylog the entire system trivially. Okay, but a lot of us actually see that as a problem, and we're not interested much in "hearing you out". Most of us recognize that the Wayland protocol has warts (and too many damn protocols), but X11 has many more warts. I didn't care what was the successor to X11 specifically, I just cared that we eventually made some progress. Most people have nothing to offer here and just suggest we should've stuck with X11. Okay dude, but nobody wants to. The X.org devs would like to move on. The desktop environments really would like to move on. There was basically one serious guy that actually wanted to work on improving X11 and he turned out to be kind of crazy and couldn't stop breaking shit anyways.
zzo38computer•3mo ago
There are problems with both X11 and Wayland, although I dislike some of the features of Wayland.
jchw•3mo ago
That said though, that does require you to proactively run every X application with this sandboxing. For Qubes which forces everything into VMs this is doable, but for most other systems there isn't an obvious way to handle this sort of thing.
My only major complaint about Wayland that can't just be fixed relatively easily is Mutter refusing to support SSD. (Well, the actual technical problem could be fixed relatively easily, but the social one not so much.)
fpoling•3mo ago
jchw•3mo ago
https://doc.qubes-os.org/en/latest/developer/system/gui.html
This makes sense though, given the way clipboard works in Qubes. I think I must've entirely mistaken how Qubes works for an entirely different scheme.
zahlman•3mo ago
Why would this be likely?
jchw•3mo ago
Needless to say, though, if the user doesn't have anything open with root privileges or cached sudo, then you probably won't be escalating to root with only X11. You'd have to wait for something to crop up. I'd reckon though if you are resident for long enough during a desktop session you'll find an opportunity. (And on most desktop systems that still, of course, leaves the usual points of interest outside X11. But if you wanted a way to escape, say, Flatpak containment, this is definitely a good start.)
jeroenhd•3mo ago
There's no real reason it can't do any of that, it just doesn't and there are no real plans to add these features.
I'm not convinced by the "if you run a program you should assume you've already been hit by a CIA 0day". Obviously nobody is dialing into your X11 server from the internet, but this is a relatively easy nobody:nobody -> root/wm-session/whatever elevation of privilege.
josephcsible•3mo ago
lmz•3mo ago
zahlman•3mo ago
josephcsible•3mo ago
int_19h•3mo ago
josephcsible•3mo ago
int_19h•3mo ago
And yes, if the malware is running under the same account that you use to login, it can do a lot, X or no X. That's where various forms of sandboxing come in. And the problem with X is that it is basically impossible to properly sandbox an X app.
zahlman•3mo ago
udev4096•3mo ago
shrubble•3mo ago
In 2000.
Solaris 10 had it built into the base OS and integrated into both the CDE and GNOME desktops they shipped. With OpenSolaris it was released as open source under the non-GNU CDDL license.
In November 2006.
Wayland was started in 2008.
enriquto•3mo ago
This has nothing to do with X11 or even UI at all. You should not run any low-trust program whatsoever (outside of a container). Any program that runs as your user can change your ~/.bashrc or any other file on your homedir.
Of course this is a feature that you want, for example when you edit these files with a text editor.
exasperaited•3mo ago
Back in 1996 the level of X integration in Tk was awesome; I had a shell tool that could make Netscape do stuff by firing MIT magic cookies at it.
In a contemporary setting, it's pretty horrifying.
ptx•3mo ago
exasperaited•3mo ago
shevy-java•3mo ago
Alan Coopersmith in particular. He even fixed a bug I reported. :)
(I forgot in which app it was but the bug report should be somewhere still; it is not old, perhaps 2 years ago or 3 years ago. The xorg app in question behaved oddly when doing "--version". I only noticed this because I wrote a ruby script that displays which version of programs are installed, and that one kept on making problems, whereas the others worked fine. After I reported it, Alan fixed this very quickly. I think it was some missing flag in the C program or something like that; right now I can not remember the name of the program ... my brain tries to say xrandr but I think it was not xrandr but a less frequently used program somewhere in the FTP listing ...)
ElectroBuffoon•3mo ago
[0] https://keithp.com/x-ideas/
bitwize•3mo ago
The send command in Tk is lel, but can easily be effectively closed by rebinding it to a no-op.
hulitu•3mo ago