Is there a ubuntu supported X.org alternative (i.e. with security in mind)?












12















question



(what I am looking for?)



I am looking for alternatives to X.org, which is the most often used X-Server in linux' graphic systems today (which means also in Ubuntu). Do you know some alternatives?



I already know about DirectFB and Wayland. With Wayland I am not really sure if it can be seen as a replacement-alternative or simple some kind of addon.



Also I am asking about Ubuntu in particular in the question. So I was wondering if there is an alternative (already packed as a packaged for ubuntu). If somebody knows an "not ubuntu yet" alternative I would none-the-less appreciate a response as I assume ubuntu is thought to embrace development and progress (which alternatives might induce). Thank you.



background



(why I am looking for it?)



The key aspect here is security.
While ubuntu offers security in many aspects




  • LUKS (Linux Unified Key Setup) for disk encryption

  • AppArmor MAC (Mandatory Access Control) for zero day attacks

  • gnupg (Gnu Privacy Guard) signatures, safe mail communication


it is sad to know that the X.org server might give away much security. The concern is stated in many places. It is for instance:



The X server allows an X client to:

- Snoop on the screen by reading its contents.
- Snoop on the keyboard.
- Take control of other X clients by sending them keyboard and mouse events.
- Impersonate other X clients by using their names in window title bars.
- Discover what other X clients are running.
- Steal the input focus.
- Deny service by grabbing the pointer or keyboard or the whole server.
- Deny service by consuming the X server's resources. strong text


source: http://plash.beasts.org/wiki/X11Security



The above would mean that some software running in the X-server (this almost is every program that has a graphical output - is not running on the command line) can make itself a keylogger.
The linux file system is keeping the permissions set and by this User A can be restricted to access User B's files.
In the X.org/X-server it is hard to keep program A from accessing the X-server resources of program B. So by having installed a malicious firefox addon + using a sudo ... on gnome-terminal you might have done enough to give away remote root access.



This is why I want to learn / ask about alternatives to X.org's Xserver software (in ubuntu). At best an alternative that keeps the programs graphic resources (windows,keyboard input) separated!
Maybe this is some comprisive description of the problem that drives my search for an alternative: http://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html










share|improve this question





























    12















    question



    (what I am looking for?)



    I am looking for alternatives to X.org, which is the most often used X-Server in linux' graphic systems today (which means also in Ubuntu). Do you know some alternatives?



    I already know about DirectFB and Wayland. With Wayland I am not really sure if it can be seen as a replacement-alternative or simple some kind of addon.



    Also I am asking about Ubuntu in particular in the question. So I was wondering if there is an alternative (already packed as a packaged for ubuntu). If somebody knows an "not ubuntu yet" alternative I would none-the-less appreciate a response as I assume ubuntu is thought to embrace development and progress (which alternatives might induce). Thank you.



    background



    (why I am looking for it?)



    The key aspect here is security.
    While ubuntu offers security in many aspects




    • LUKS (Linux Unified Key Setup) for disk encryption

    • AppArmor MAC (Mandatory Access Control) for zero day attacks

    • gnupg (Gnu Privacy Guard) signatures, safe mail communication


    it is sad to know that the X.org server might give away much security. The concern is stated in many places. It is for instance:



    The X server allows an X client to:

    - Snoop on the screen by reading its contents.
    - Snoop on the keyboard.
    - Take control of other X clients by sending them keyboard and mouse events.
    - Impersonate other X clients by using their names in window title bars.
    - Discover what other X clients are running.
    - Steal the input focus.
    - Deny service by grabbing the pointer or keyboard or the whole server.
    - Deny service by consuming the X server's resources. strong text


    source: http://plash.beasts.org/wiki/X11Security



    The above would mean that some software running in the X-server (this almost is every program that has a graphical output - is not running on the command line) can make itself a keylogger.
    The linux file system is keeping the permissions set and by this User A can be restricted to access User B's files.
    In the X.org/X-server it is hard to keep program A from accessing the X-server resources of program B. So by having installed a malicious firefox addon + using a sudo ... on gnome-terminal you might have done enough to give away remote root access.



    This is why I want to learn / ask about alternatives to X.org's Xserver software (in ubuntu). At best an alternative that keeps the programs graphic resources (windows,keyboard input) separated!
    Maybe this is some comprisive description of the problem that drives my search for an alternative: http://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html










    share|improve this question



























      12












      12








      12


      2






      question



      (what I am looking for?)



      I am looking for alternatives to X.org, which is the most often used X-Server in linux' graphic systems today (which means also in Ubuntu). Do you know some alternatives?



      I already know about DirectFB and Wayland. With Wayland I am not really sure if it can be seen as a replacement-alternative or simple some kind of addon.



      Also I am asking about Ubuntu in particular in the question. So I was wondering if there is an alternative (already packed as a packaged for ubuntu). If somebody knows an "not ubuntu yet" alternative I would none-the-less appreciate a response as I assume ubuntu is thought to embrace development and progress (which alternatives might induce). Thank you.



      background



      (why I am looking for it?)



      The key aspect here is security.
      While ubuntu offers security in many aspects




      • LUKS (Linux Unified Key Setup) for disk encryption

      • AppArmor MAC (Mandatory Access Control) for zero day attacks

      • gnupg (Gnu Privacy Guard) signatures, safe mail communication


      it is sad to know that the X.org server might give away much security. The concern is stated in many places. It is for instance:



      The X server allows an X client to:

      - Snoop on the screen by reading its contents.
      - Snoop on the keyboard.
      - Take control of other X clients by sending them keyboard and mouse events.
      - Impersonate other X clients by using their names in window title bars.
      - Discover what other X clients are running.
      - Steal the input focus.
      - Deny service by grabbing the pointer or keyboard or the whole server.
      - Deny service by consuming the X server's resources. strong text


      source: http://plash.beasts.org/wiki/X11Security



      The above would mean that some software running in the X-server (this almost is every program that has a graphical output - is not running on the command line) can make itself a keylogger.
      The linux file system is keeping the permissions set and by this User A can be restricted to access User B's files.
      In the X.org/X-server it is hard to keep program A from accessing the X-server resources of program B. So by having installed a malicious firefox addon + using a sudo ... on gnome-terminal you might have done enough to give away remote root access.



      This is why I want to learn / ask about alternatives to X.org's Xserver software (in ubuntu). At best an alternative that keeps the programs graphic resources (windows,keyboard input) separated!
      Maybe this is some comprisive description of the problem that drives my search for an alternative: http://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html










      share|improve this question
















      question



      (what I am looking for?)



      I am looking for alternatives to X.org, which is the most often used X-Server in linux' graphic systems today (which means also in Ubuntu). Do you know some alternatives?



      I already know about DirectFB and Wayland. With Wayland I am not really sure if it can be seen as a replacement-alternative or simple some kind of addon.



      Also I am asking about Ubuntu in particular in the question. So I was wondering if there is an alternative (already packed as a packaged for ubuntu). If somebody knows an "not ubuntu yet" alternative I would none-the-less appreciate a response as I assume ubuntu is thought to embrace development and progress (which alternatives might induce). Thank you.



      background



      (why I am looking for it?)



      The key aspect here is security.
      While ubuntu offers security in many aspects




      • LUKS (Linux Unified Key Setup) for disk encryption

      • AppArmor MAC (Mandatory Access Control) for zero day attacks

      • gnupg (Gnu Privacy Guard) signatures, safe mail communication


      it is sad to know that the X.org server might give away much security. The concern is stated in many places. It is for instance:



      The X server allows an X client to:

      - Snoop on the screen by reading its contents.
      - Snoop on the keyboard.
      - Take control of other X clients by sending them keyboard and mouse events.
      - Impersonate other X clients by using their names in window title bars.
      - Discover what other X clients are running.
      - Steal the input focus.
      - Deny service by grabbing the pointer or keyboard or the whole server.
      - Deny service by consuming the X server's resources. strong text


      source: http://plash.beasts.org/wiki/X11Security



      The above would mean that some software running in the X-server (this almost is every program that has a graphical output - is not running on the command line) can make itself a keylogger.
      The linux file system is keeping the permissions set and by this User A can be restricted to access User B's files.
      In the X.org/X-server it is hard to keep program A from accessing the X-server resources of program B. So by having installed a malicious firefox addon + using a sudo ... on gnome-terminal you might have done enough to give away remote root access.



      This is why I want to learn / ask about alternatives to X.org's Xserver software (in ubuntu). At best an alternative that keeps the programs graphic resources (windows,keyboard input) separated!
      Maybe this is some comprisive description of the problem that drives my search for an alternative: http://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html







      xorg security alternative






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 20 at 12:20









      dessert

      22.4k56298




      22.4k56298










      asked Dec 28 '12 at 8:53









      humanityANDpeacehumanityANDpeace

      9561928




      9561928






















          1 Answer
          1






          active

          oldest

          votes


















          6














          Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.



          It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.



          DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.



          Another solution is not to run a GUI at all.






          share|improve this answer
























          • thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

            – humanityANDpeace
            Mar 26 '13 at 19:14











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f233545%2fis-there-a-ubuntu-supported-x-org-alternative-i-e-with-security-in-mind%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6














          Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.



          It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.



          DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.



          Another solution is not to run a GUI at all.






          share|improve this answer
























          • thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

            – humanityANDpeace
            Mar 26 '13 at 19:14
















          6














          Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.



          It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.



          DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.



          Another solution is not to run a GUI at all.






          share|improve this answer
























          • thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

            – humanityANDpeace
            Mar 26 '13 at 19:14














          6












          6








          6







          Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.



          It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.



          DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.



          Another solution is not to run a GUI at all.






          share|improve this answer













          Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.



          It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.



          DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.



          Another solution is not to run a GUI at all.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 26 '13 at 18:57









          Krzysztof KosińskiKrzysztof Kosiński

          53136




          53136













          • thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

            – humanityANDpeace
            Mar 26 '13 at 19:14



















          • thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

            – humanityANDpeace
            Mar 26 '13 at 19:14

















          thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

          – humanityANDpeace
          Mar 26 '13 at 19:14





          thanks for the answer! Still, not running a GUI cannot be honestly considered a another solution for a "X"-alternative. If it is not **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe it might at last bring some improvements. The security holes via GUI are considerable at present. The wayland security is also well discussed here lwn.net/Articles/517375

          – humanityANDpeace
          Mar 26 '13 at 19:14


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f233545%2fis-there-a-ubuntu-supported-x-org-alternative-i-e-with-security-in-mind%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          數位音樂下載

          When can things happen in Etherscan, such as the picture below?

          格利澤436b