[GoLUG] "Who are we to think has greater knowledge on the topic?" "Me. Seriously" -- Steve Litt
Barry Fishman
barry at ecubist.org
Wed Aug 27 15:44:58 EDT 2025
On 2025-08-27 07:52:52 -04, Hendrik Boom wrote:
> On Wed, Aug 27, 2025 at 01:35:25AM -0700, Ron wrote:
> ...
>> No mention of "hypercomplexification" of X11, which even Xorg won't deal
>> with any more. Never mind the security implications of every window seeing
>> inputs to every other window.
>
> Is that still a problem? I thought that had been dealt with by now.

X11 has restricted itself to Unix domain (file-based) sockets. But the
whole structure of X11 was designed before the current focus on
protection against web attacks that penetrate into a system and get
general user-level access.

X11 in a sense depends on that access, since it was often used on
standalone X11 terminals (servers) whose windows and window managers
could be on different systems with different instruction sets and OSs.
This is now considered a security hole but was part of the fundamental
aspect of its design. It was a crucial part of how projects were developed
in the Solaris/Ultrix/HP-Unix/BSD hybrid environments in which I spent
most of my career. Even on my simple home network, using 'ssh -X', this is
a great loss for me.

I know Qubes OS does use X11 in a multi virtual OS environment and seems to
preserve isolation between the virtual machines, but I am not sure how
they do it.

--
Barry Fishman