Re: SecurityFocus Article
From: Dave Airlie
Date: Fri May 12 2006 - 00:15:11 EST
> The X server doesn't need to go into the kernel, only a very tiny
> portion of it needs to go in. But X blindly pursues the idea of total
> platform independence which means it ignores many of the services
> offered by the Linux kernel and reimplements them in user space. This is
> because the BSDs are missing many things that Linux supports.
>
> I just love the idea of 2.4M lines of X code that opens network
> sockets needlessly running as root. Top it off with 1,300 unfixed
> Coverity hits, http://scan.coverity.com/. But what fun is life if you
> don't live a little dangerously. If you want ideas on how to fix X to
> not run as root read,
> http://people.freedesktop.org/~jonsmirl/graphics.html
>
> Of course DaveA will chime in and say that they are working on fixing
> things to use the Linux kernel. This is good and I am glad it is being
> done, I just worry that it will get finished sometime around 2014.

I'll also suggest you stop talking out of your arse, there are no
aliens in Area 51 either Jon and man did walk on the moon, refuting
the crap you post takes more time than fixing X...

Coverity scan is all of X (clients, libraries, server, apps) not just
the X server, it is also against the old 6.9 tree not the modular
tree, so it never gets anything fixed as that tree is dead. We are
working with Coverity to scan modular instead.

My current X server hasn't any network sockets open by default.

Your ideas to fix X didn't result in patches to fix X, ideas are great
we all have ideas, patches are better, for some reason we don't all
have patches.

We are fixing X, you are not.

Dave.