Re: F38 proposal: X Server Prohibits Byte-swapped Clients (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 28, 2022 at 10:13 PM Peter Hutterer
<peter.hutterer@xxxxxxxxx> wrote:
>
> On Thu, Dec 22, 2022 at 05:41:06AM -0500, Neal Gompa wrote:
> > On Thu, Dec 22, 2022 at 5:30 AM Niklas Schnelle <schnelle@xxxxxxxxxxxxx> wrote:
> > >
> > > Hi All,
> > >
> > > This might not be as niche as you might think. I'm one of the
> > > Linux kernel maintainers for s390. Many of us do the vast majority of
> > > their development work natively on s390 systems via SSH from Fedora
> > > laptops. After all mainframes are pretty damn fast at compiling with
> > > plenty of memory and dog fooding is part of quality control. And I'm
> > > sure it's not just the teams working on the Linux kernel but also
> > > plenty of other people working with s390 Linux machines. These s390
> > > machines mostly only host X servers via VNC and usually just for the
> > > installation but they do that too. There is also a hand full of X
> > > clients I run on s390 which are essential for my and many of my
> > > colleagues daily workflows. The most important one is defintely
> > > xsel/xclip to copy from the (neo-)vim/tmux I use for coding to my local
> > > system. Some people also use x3270 via SSH X forwarding from jumphosts,
> > > others use XEmacs. I also know essential internal tools that are run on
> > > s390 hosts via X forwarding. Sure people using X forwarding are capable
> > > of changing configuration defaults but if at all possible I would
> > > suggest to rethink this, as it will create significant hassle for
> > > anyone using their Fedora systems to SSH + X forward to s390 Linux
> > > hosts and it definitely sees more use and thus testing than the
> > > proposal makes it sound.
> > >
> >
> > How bad would it be to force little-endian for the X protocol
> > regardless of architecture?
>
> simply said - not realistic. It's a lot of effort, with zero visible
> benefit beyond the *potential* that we're slightly safer now. Which you
> won't know until you tested it all.
>
> The code works, at least for the bits that are executed. Swapped clients
> run on different hosts by definition so there are probably whole
> extensions that are never used at all and likely completely untested.
> And it's not a matter of "working" but "safe against a malicious client
> sending bad messages". That's a completely different ballpark.
> e.g. the code for CVE-2022-46340 has been there since ~2008 but no-one
> ever noticed the issue - because it works as long as the client is nice.
>
> Forcing the server to little endian only means you'd need to do the
> swapping client-side. There is nothing in place right now to do this and
> while it's probably possible to automate this somewhat with xcb, you're
> still looking at a huge project. And once it all works, you need to
> ensure it works against malicious input data. You could *possibly* MITM
> the whole protocol-swapping into a separate process but, well, goto 10
> :)
>

Please tell me the Wayland protocol doesn't do this? 🙏



-- 
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux