TechRepublic: Linux’s X.org server is vulnerable. Here’s how to stay safe.

The Linux operating system is known for security. Linux was designed from the bottom up to be a platform that can be trusted. There is, however, one weak link in the chain. This weakness didn’t just appear, nor is it on anyone’s radar as a security bug. What I’m talking about is the antiquated X11 Window server still found in use on most Linux distributions.

For those who don’t know, X was originally designed and released in 1985 and X11 in 1987. X.org replaced X11 and was originally released April 6, 2004. When X was originally conceived, the computing world was in a completely different state. Both X and X.org lack a few very important security features that are critical for modern-era usage and hardware:

  • All X applications have access to everything on your screen
  • All X applications can register to receive every keystroke, regardless of which window said keystrokes are typed within
  • Applications such as browsers can be remotely controlled such that keystrokes can be forged as if the user were typing them
  • The xhost + option can completely disable any security on the display
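
The xhost + item above is something a defender can check on a running session. The following is an added example, not code from the TechRepublic article: a shell function that reads the output of xhost (run with no arguments) and flags disabled access control and broad grants. The function name audit_xhost is hypothetical, and the sample outputs with their host and user names are constructed.

```shell
#!/bin/sh
# Added example: classify the access-control list printed by `xhost`
# (run with no arguments). Reads that output on stdin, prints one finding
# per line, and returns 0 = per-user grants only, 1 = broad grants,
# 2 = access control disabled, 3 = xhost could not query the display.
audit_xhost() {
    worst=0
    while IFS= read -r line; do
        level=0
        case "$line" in
            "access control disabled"*)
                level=2; echo "CRITICAL: access control is off (xhost +); re-enable with 'xhost -'" ;;
            "access control enabled"*)
                echo "OK: access control is enabled" ;;
            "xhost:"*)
                level=3; echo "ERROR: $line" ;;
            SI:localuser:*)
                echo "OK: one local user granted: ${line#SI:localuser:}" ;;
            LOCAL:*)
                level=1; echo "WARN: every local user may connect: $line" ;;
            "") ;;
            *)
                level=1; echo "WARN: broad grant, review and remove if unneeded: $line" ;;
        esac
        if [ "$level" -gt "$worst" ]; then worst=$level; fi
    done
    return "$worst"
}

# Constructed sample outputs (hypothetical host and user names).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_MIXED='access control enabled, only authorized clients can connect
INET:build-host.example
SI:localuser:alice'
SAMPLE_TIGHT='access control enabled, only authorized clients can connect
SI:localuser:alice'

# Demo on the constructed samples; on a live session use: xhost 2>&1 | audit_xhost
for sample in "$SAMPLE_OPEN" "$SAMPLE_MIXED" "$SAMPLE_TIGHT"; do
    printf '%s\n' "$sample" | audit_xhost || echo "  -> exit status $?"
    echo "---"
done
```

The non-zero return codes let the check run from a login script or monitoring job and alert when a session's access control has been turned off.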
