Xorg bug allows root access

linux btfo
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665


OpenBSD released a syspatch yesterday (day before?) which disables the setuid bit for Xorg. Now you can only launch X sessions from the graphical login manager.

Xorg isn't Linux-only. If you want to consider every OS that has ever had a devastating bug exposed in any used software package completely useless, you shouldn't be using computers at all.

If you run something on your PC outside of a sandbox (the security of which is questionable too), you'll have to trust it.
The whole account rights management shit didn't work well on any OS yet, kek.

You know this is the same, right? Using a login manager means launching Xorg as root.

man.openbsd.org/xenodm

It says you need local access to the console. At that point, you can just boot into single-user mode and have root.

that's a lot more likely to get noticed though.

...

...

The absolute state of damage control.


Not using a login manager means your OS is roughly as secure as Win97.

When you don't use a login manager you still have to login, it's just not in a graphical environment. Regardless, if an attacker has physical access to the machine the machine is practically compromised anyways. They can always boot from a floppy or pull out the hard drives.

pathetic

You do realize that this could be all done remotely too lol

It's a privilege escalation, so if you run a webservice and someone compromised it, they'd now have free root

What does a kernel have to do with a display server?

Read it, nigger. The suid wrapper is different, but same shit; Xorg needs to be started as root or your need logind.

lmao at you autistic retards who cling to obsolete software


I'd post le funny *snap* ogre meme but you Waylanders can't even take screenshots so you wouldn't understand.


What is setuid systemcall?

What tf happened with this board.
People are so retarded these days on the board ;_;.

And I'm not even really that knowledgeable.

aah yes, a fellow oldfag clearly

checks out

comon, are you even trying?

>not just doing X& &

Something that Xorg already uses, retard.

You didn't get what I said, did you?

Well, explain yourself then, because there might be a misunderstanding. What I meant is that Xorg must be run as root (well, almost, it's just painful without: wiki.gentoo.org/wiki/Non_root_Xorg) and that Xorg already installs a setuid wrapper. DMs (running as root) can't do better than this wrapper.

Thanks for the link I was searching for why xorg really needs root.
But yeah I always thought that adding the user to the video and input group would be sufficient.
And with setuid I meant that dm's could set the eid of the xorg process to the user's eid (if for some reason dm's would need root as well).

Btw nixos didn't setuid xorg.

pic related.

Also forgot to mention, adding a user to a group isn't tedious at all.


This is peak ironic shitposting in its purest form

Wait, you don't need systemd/logind/PAM/whatever other useless bloatware to do this on Gentoo?

More reasons to run Wayland with a small tiling Compositor.

i3 doesn't work on Wayland, unfortunately.

90% of linux desktop/laptop users use sudo/su and one main account where they type the sudo/su command into a terminal which ran their .bashrc and etc. There is no real isolation of privileges on desktop linux if you do this.

Seriously though, why do the manuals recommend using sudo/su when it's functionally the same as running everything as root. Some idiots who do this will even get offended at the idea of logging in as root. It goes even so far that they add into code of programs warnings that tell you not to run as root and instead go through the security theater.

Beta males have to ask their computer for permissions to do things, and by doing so achieve no security. Real men login as root, configure their accounts properly or use ctrl+alt+f2.

I hope Zig Forums does the latter.

sudo/su won't run the user's .bashrc or anything related to the user who ran sudo/su.

doesn't concern desktop users

sway is a clone of i3 for Wayland

Zig Forums is so fucking stupid. The display manager is started by the init system. It's not launched by root.

The security of Linux isn't that it never has any exploits; it's that exploits are fixed as soon as they're found.

If Linux were deployed on all desktops overnight, there would be an avalanche of exploits revealed. Desktop Linux is not secure whatsoever.

Linux is deployed on most servers. Last big exploit I remember besides Meltdown, which is hardware level, was Heartbleed. That exploit was fixed as soon as it was found, and I haven't heard of any major leaks as a result of it.

The security comes through open source, with thousands of eyes on the code. Security through obscurity doesn't work.

There are far more Linux machines in the wild than Windows machines. Linux runs on most phones and most Internet infrastructure.

I’m talking about userland software. Desktop Linux. Not the kernel—obviously that is solid.

Did I say anything about the kernel? Is OpenSSL not userspace?

I hope those aren't supposed to be examples of why he's wrong. Linux as it's deployed as "internet infrastructure" is not desktop Linux. Neither is Linux on phones, which would be a terrible example anyway, because most phones are running such outdated versions of Android that they're instapwnable.

His point is silly, anyway. Systems complex enough to suit normies on "the desktop" are all going to be full of security holes. Install enough packages on OpenBSD to make a normie happy and it's fucking Swiss cheese.

Un-sageing, you idiots got BTFO.

init runs as root

Heartbleed isn't related to linux at all nor is meltdown.

Being an OpenSSL exploit, Heartbleed isn't essentially a Linux problem, but it is practically one, since most servers run Linux. You could only be talking about kernel exploits if you shift the goalposts to exploits that are essentially Linux only. Now we're back to my original argument that most of the internet is made of Linux, and there is no "avalanche" of exploits. They get fixed just as soon as they're discovered thanks to open source.
What software are you talking about that only runs on Linux desktops? Just say Xorg if that's all you meant. Or, are you some brainlet that doesn't understand what he's criticizing well enough to articulate an argument?

All I'm saying is that it's not a linux problem.

Like for example, let's say the Telegram Desktop client has a bug which allows rce.
After your logic it would be a windows problem since most installations run on windows.

not exactly btfo. besides shit like this gets patched almost instantly so none of us need to worry

Wrong. It's a privilege escalation exploit. Os physical access required.

Unfortunately, this is untrue in this case.
Now, it is fixed but the fix is to disable suid permissions on Xorg-server, this means you won't be able to do startx anymore, and thus you are forced into using a display manager or risk exposing your terminals to this exploit.
The fix that literally every distro has opted for is just force use of a display manager.
It's fucking retarded, i never wanted this bloat but because X devs are retarded now i have to do this or chown tty7 every time i want to run Xorg.

chattr +i /etc/shadow
You're welcome.

And there you have DirtyCOW and Stagefright, the kind of insane security holes that haven't been seen in Windows since XP.

He's talking about DESKTOP software.
Do you run Xorg on your servers? Do you run GNOME or KDE on your servers? Do you run GTK3 or QT5 apps on your servers?
THAT is what he's talking about. Imagine if every laptop that currently runs Windows 10 now all of a sudden runs Ubuntu or something like that. He's saying that the desktop software that people run on their desktops and laptops on Linux is insecure.
I'm not even 100% in favor of his point, but please stop being needlessly obtuse

whenever there's like requirements for physical access
its pretty much over for me, it doesn't matter anyway unless you are connected to the net
now some mission critical stuff needs this patched out, like say server somewhere important

I don't have Xorg on android/Linux

Except literally everything else about linux isn't on those phones.

if you have privs to start X you don't even want root, because this is a desktop machine, and you already owned the user who runs all the desktop shit (X,file browser, terminal emulator, web browser, etc) and already got all his passwords and documents. i guess the vuln might be useful for anyone who's dumb enough to install X11 on their server though

shut the fuck up LARPer
>exploit-db.com/exploits/45697/
fuck all these nuinfosec homos on twatter

IT DOESN'T FUCKING MATTER WHAT YOUR DISPLAY MANAGER DOES

Even if your display manager managed to start Xorg as non-root or if your init system started Xorg or whatever the fuck you're pulling out of your LARPing ass. It-Does-Not-Fucking-Matter.

This has nothing to do with your running X session, you don't need a running X session for this exploit, all you need is a vulnerable Xorg binary (/usr/bin/Xorg) with the SUID bit set (every distro does this).

It's also fucking hilarious how everyone keeps copy-pasting "root::16431:0:99999:7:::" and thinking it's some sort of secret code, it even got censored in the computerphile video, you can just use "root::::::::" and it works the same, because all of the fields but the first (the username) are optional, the guy who tweeted the one-liner probably just copy-pasted his line from his /etc/shadow and deleted the password field (which is the second).
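
A defender-side check for the two conditions the post above describes, as an added example that is not part of the original thread: it reports Xorg binaries that still carry the setuid bit and shadow(5) entries whose password field is empty. The candidate paths, function names and sample shadow lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit for a setuid Xorg binary and
# for shadow entries with an empty password field.

# Assumed install locations; adjust for your distribution.
XORG_CANDIDATES="/usr/bin/Xorg /usr/lib/xorg/Xorg /usr/lib/xorg/Xorg.wrap /usr/libexec/Xorg /usr/X11R6/bin/Xorg"

# Print every argument that is a regular file with the setuid bit set.
setuid_paths() {
    for p in "$@"; do
        if [ -f "$p" ] && [ -u "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Read shadow(5)-format lines on stdin and print the account names whose
# second field (the password hash) is empty, meaning no password is required.
# Locked accounts ("*", "!") and real hashes are not reported.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $1 != "" && $2 == "" { print $1 }'
}

# Constructed sample input, not taken from any real system.
SAMPLE_SHADOW='root::::::::
daemon:*:17000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:17800:0:99999:7:::
bob::16431:0:99999:7:::'

# Run both checks against the live system (reading /etc/shadow needs root).
audit() {
    found=$(setuid_paths $XORG_CANDIDATES)
    if [ -n "$found" ]; then
        printf 'setuid Xorg binary: %s\n' $found
    fi
    if [ -r /etc/shadow ]; then
        empty=$(empty_password_accounts < /etc/shadow)
        if [ -n "$empty" ]; then
            printf 'empty password field: %s\n' $empty
        fi
    fi
    return 0
}

audit
```

A setuid hit only means the binary is installed with that mode; whether it is a vulnerable version has to be checked against the distribution's advisory for CVE-2018-14665.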

>Calling (((freedesktop.org))) backdoor a bug

Now this is necro bumping

He's referring to the possibility that the user which ran sudo/su could have a .bashrc which aliases sudo/su to a malicious command (which can additionally remove all traces of itself and its alias after it harvests the user's password). Given a working ACE exploit, it's trivial to do this.

Ever notice how the people who parrot this shit in every post they make always end up being the actual "larpers"?

You didn't listen. Now your PC has niggers. You could have prevented this by taking the ELITE FRAMEBUFFER PILL.
