▶ No.991954>>991967 >>991985
OpenBSD released a syspatch yesterday (day before?) which disables the setuid bit for Xorg. Now you can only launch X sessions from the graphical login manager.
▶ No.991960>>992017
Xorg isn't Linux-only. If you want to consider every OS that has ever had a devastating bug exposed in any used software package completely useless, you shouldn't be using computers at all.
▶ No.991966
If you run something on your PC outside of a sandbox (the security of which is questionable too), you'll have to trust it.
The whole account rights management shit didn't work well on any OS yet, kek.
▶ No.991967>>991973 >>991985 >>992227 >>992554
>>991954
You know this is the same, right? Using a login manager means launchin Xorg as root.
▶ No.991973>>992098
▶ No.991978>>991979
It says you need local access to the console. At that point, you can just boot into single-user mode and have root.
▶ No.991979
>>991978
that's a lot more likely to get noticed though.
▶ No.991985>>992003 >>992017
>>991954
>>991967
>using a login manager
▶ No.992003>>992242
>>991985
>running "startx" which has a documented local root vulnerability as explained in the OP link
▶ No.992017>>992020 >>996197
>>991960
>Xorg isn't Linux-only
The absolute state of damage control.
>>991985
Not using a login manager means your Os is roughly as secure as Win97.
▶ No.992020
>>992017
>Not using a login manager means your Os is roughly as secure as Win97.
When you don't use a login manager you still have to login, it's just not in a graphical environment. Regardless if an attacker has physical access to the machine the machine is practically compromised anyways. They can always boot from a floppy or pull out the harddrives.
▶ No.992031>>992039
>>991951 (OP)
>Need physical access to computer instead of hacking it through remote execution.
pathetic
▶ No.992039>>992040
>>992031
You do realize that this could be all done remotely too lol
▶ No.992040
>>992039
It's a privilege escalation, so if you run a webservice and someone compromised it, they'd now have free root
▶ No.992088
>>991951 (OP)
What does a kernel have to do with a display server?
▶ No.992098
>>991973
>After the user logs in, xenodm runs the Xstartup script as root.
Read it, nigger. The suid wrapper is different, but same shit; Xorg needs to be started as root or your need logind.
▶ No.992118>>992124 >>992241
>he doesn't use weyland
lmao at you autistic retards who cling to obsolete software
▶ No.992124>>992128 >>992338
>>992118
I'd post le funny *snap* ogre meme but you Waylanders can't even take screenshots so you wouldn't understand.
▶ No.992128>>992231 >>992241
>>992124
>waylanders can't take screensho-
▶ No.992227>>992229 >>992257
>>991967
What is setuid systemcall?
What tf happened with this board.
People are so retarded these days on the board ;_;.
And I'm not even really that knowledgable.
▶ No.992229
>>992227
>;_;.
aah yes, a fellow oldfag clearly
▶ No.992231
>>992128
>ubuntu
>gnome
>wayland
>scambo
checks out
▶ No.992241
>>992128
>>992118
>not using wlroots
>picking the plebist tier wayland compositor
comon, are you even trying?
▶ No.992242
>>992003
>using startx
>not just doing X& <window manager>&
▶ No.992257>>992298
>>992227
Something that Xorg already uses, retard.
▶ No.992298>>992313
>>992257
You didn't get what I said, did you?
▶ No.992313>>992321 >>992347
>>992298
Well, explain yourself then, because there might be a misunderstanding. What I meant is that Xorg must be run as root (well, almost, it's just painful without: https://wiki.gentoo.org/wiki/Non_root_Xorg) and that Xorg already installs a setuid wrapper. DMs (running as root) can't do better than this wrapper.
▶ No.992321>>992322
>>992313
Thanks for the link I was searching for why xorg really needs root.
But yeah I always thought that adding the user to the video and input group would be sufficient.
And with setuid I meant that dm's could set the eid of the xorg process to the user's eid (if for some reason dm's would need root aswell).
Btw nixos didn't setuid xorg.
▶ No.992322
>>992321
pic related.
Also forgot to mention, adding a user to a group isn't tidious at all.
▶ No.992338
>>992124
This is peak ironic shitposting in its purest form
▶ No.992347
>>992313
Wait, you don't need systemd/logind/PAM/whatever other useless bloatware to do this on Gentoo?
▶ No.992393>>992398
>>991951 (OP)
More reasons to run Wayland with a small tiling Compositor.
▶ No.992398>>992525
>>992393
i3 doesn't work on Wayland, unfortunately.
▶ No.992400>>992415
>>991951 (OP)
90% of linux desktop/laptop users use sudo/su and one main account where they type the sudo/su command into a terminal which ran their .bashrc and etc. There is no real isolation of privileges on desktop linux if you do this.
Seriously though, why do the manuals recommend using sudo/su when it's functionally the same as running everything as root. Some idiots who do this will even get offended at the idea of logging in as root. It goes even so far that they add into code of programs warnings that tell you not to run as root and instead go through the security theater.
Beta males have to ask their computer for permissions to do things, and by doing so achieve no security. Real men login as root, configure their accounts properly or use ctrl+alt+f2.
I hope /tech/ does the latter.
▶ No.992415>>1011328
>>992400
>90% of linux desktop/laptop users use sudo/su and one main account where they type the sudo/su command into a terminal which ran their .bashrc and etc
sudo/su won't run the user's .bashrc or anything related to the user who ran sudo/su.
▶ No.992517
>privilege escalation exploit
doesn't concern desktop users
▶ No.992525
>>992398
sway is a clone of i3 for Wayland
▶ No.992554>>992664
>>991967
/tech/ is so fucking stupid. The display manager is started by the init system. It's not launched by root.
▶ No.992555
>>991951 (OP)
The security of Linux isn't that it never has any exploits; it's that exploits are fixed as soon as they're found.
▶ No.992567>>992575 >>992584
If Linux were delpoyed on all desktops overnight, there would be an avalanche of exploits revealed. Desktop Linux is not secure whatsoever.
▶ No.992575>>992599 >>992665
>>992567
Linux is deployed on most servers. Last big exploit I remember besides Meltdown, which is hardware level, was Heart Bleed. That exploit was fixed as soon as it was found, and I haven't heard of any major leaks as a result of it.
The security comes through open source, with thousands of eyes on the code. Security through obscurity doesn't work.
▶ No.992584>>992599 >>992610 >>996084
>>992567
There are far more Linux machines in the wild than Windows machines. Linux runs on most phones and most Internet infrastructure.
▶ No.992599>>992601 >>992614
>>992575
>>992584
I’m talking about userland software. Desktop Linux. Not the kernel---obviously that is solid.
▶ No.992601>>996093
>>992599
Did I say anything about the kernel? Is OpenSSL not userspace?
▶ No.992610>>992614
>>992584
>Linux runs on most phones and most Internet infrastructure.
I hope those aren't supposed to be examples of why he's wrong. Linux as it's deployed as "internet infrastructure" is not desktop Linux. Neither is Linux on phones, which would be a terrible example anyway, because most phones are running such outdated versions of Android that they're instapwnable.
His point is silly, anyway. Systems complex enough to suit normies on "the desktop" are all going to be full of security holes. Install enough packages on OpenBSD to make a normie happy and it's fucking Swiss cheese.
▶ No.992614
>>992610
>>992599
Un-sageing, you idiots got BTFO.
▶ No.992664
>>992554
init runs as root
▶ No.992665>>992734
>>992575
Hearthbleed isn't related to linux at all nor is meltdown.
▶ No.992734>>992759
>>992665
Being an OpenSSL exploit, Heartbleed isn't essentially a Linux problem, but it is practically one, since most servers run Linux. You could only be talking about kernel exploits if you shift the goalposts to exploits that are essentially Linux only. Now we're back to my original argument that most of the internet is made of Linux, and there is no "avalanche" of exploits. They get fixed just as soon as they're discovered thanks to open source.
What software are you talking about that only runs on Linux desktops? Just say Xorg if that's all you meant. Or, are you some brainlet that doesn't understand what he's criticizing well enough to articulate an argument?
▶ No.992759
>>992734
All I'm saying is, is that it's not a linux problem.
Like for example, let's say the Telegram Desktop client has a bug which allows rce.
After your logic it would be a windows problem since most installations run on windows.
▶ No.992768>>993011 >>996020
>physical access required exploit
not exactly btfo. besides shit like this gets patched almost instantly so none of us need to worry
▶ No.993011
>>992768
Wrong. It's a privilege escalation exploit. Os physical access required.
▶ No.996020>>996024
>>992768
>shit like this gets patched almost instantly so none of us need to worry
Unfortunately, this is untrue in this case.
Now, it is fixed but the fix is to disable suid permissions on Xorg-server, this means you won't be able to do startx anymore, and thus you are forced into using a display manager or risk exposing your terminals to this exploit.
The fix that literally every distro has opted for is just force use of a display manager.
It's fucking retarded, i never wanted this bloat but because X devs are retarded now i have to do this or chown tty7 every time i want to run Xorg.
▶ No.996024
>>996020
chattr +i /etc/shadow
Your welcome.
▶ No.996084>>996129
>>992584
>Linux runs on most phones
And there you have DirtyCOW and Stagefright, the kind of insane security holes that haven't been seen in Windows since XP.
▶ No.996093
>>992601
He's talking about DESKTOP software.
Do you run Xorg on your servers? Do you run GNOME or KDE on your servers? Do you run GTK3 or QT5 apps on your servers?
THAT is what he's talking about. Imagine if every laptop that currently runs Windows 10 now all of a sudden runs Ubuntu or something like that. He's saying that the desktop software that people run on their desktops and laptops on Linux is insecure.
I'm not even 100% in favor of his point, but please stop being needlessly obtuse
▶ No.996102
whenever theres like requirements for physical access
its pretty much over for me, it doesnt matter anyway unless you are connected to the net
now some mission critical stuff needs this patched out, like say server somewhere important
▶ No.996104
>>991951 (OP)
I don't have Xorg on android/Linux
▶ No.996129
>>996084
>>Linux runs on most phones
Except literally everything else about linux isn't on those phones.
▶ No.996197
>>991951 (OP)
if you have privs to start X you don't even want root, because this is a desktop machine, and you already owned the user who runs all the desktop shit (X,file browser, terminal emulator, web browser, etc) and already got all his passwords and documents. i guess the vuln might be useful for anyone who's dumb enough to install X11 on their server though
>>992017
>Not using a login manager means your Os is roughly as secure as Win97.
shut the fuck up LARPer
>https://www.exploit-db.com/exploits/45697/
>cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
fuck all these nuinfosec homos on twatter
▶ No.1004835>>1012984
>All the larping in this thread
IT DOESN'T FUCKING MATTER WHAT YOUR DISPLAY MANAGER DOES
Even if your display manager managed to start Xorg as non-root or if your init system started Xorg or whatever the fuck you're pulling out of your LARPing ass. It-Does-Not-Fucking-Matter.
This has nothing to with your running X session, you don't need a running X session for this exploit, all you need is a vulnerable Xorg binary (/usr/bin/Xorg) with the SUID bit set (every distro does this).
It's also fucking hilarious how everyone keeps copy-pasting "root::16431:0:99999:7:::" and thinking it's some sort of secret code, it even got censored in the computerphile video, you can just use "root::::::::" and it works the same, because all of the fields but the first (the username) are optional, the guy who tweeted the one-liner probably just copy-pasted his line from his /etc/shadow and deleted the password field (which is the second).
▶ No.1007211
>Calling (((freedesktop.org))) backdoor a bug
▶ No.1010006
>>1009852
Now this is necro bumping
▶ No.1011328
>>992415
He's referring to the possibility that the user which ran sudo/su could have a .bashrc which aliases sudo/su to a malicious command (which can additionally remove all traces of itself and its alias after it harvests the user's password). Given a working ACE exploit, it's trivial to do this.
▶ No.1012984
>>1004835
>larp larp larp larp larp larp
Ever notice how the people who parrot this shit in every post they make always end up being the actual "larpers"?
▶ No.1013044
You didn't listen. Now your PC has niggers. You could have prevented this by taking the ELITE FRAMEBUFFER PILL.