Is there a ubuntu supported X.org alternative (i.e. with security in mind)?
question
(what I am looking for?)
I am looking for alternatives to X.org, which is the most often used X server in Linux graphics systems today (which also means in Ubuntu). Do you know some alternatives?
I already know about DirectFB and Wayland. With Wayland I am not really sure if it can be seen as a replacement alternative or simply some kind of addon.
Also I am asking about Ubuntu in particular in the question. So I was wondering if there is an alternative (already packaged for Ubuntu). If somebody knows a "not Ubuntu yet" alternative I would nonetheless appreciate a response, as I assume Ubuntu is thought to embrace development and progress (which alternatives might induce). Thank you.
background
(why I am looking for it?)
The key aspect here is security.
While Ubuntu offers security in many aspects
- LUKS (Linux Unified Key Setup) for disk encryption
- AppArmor MAC (Mandatory Access Control) for zero day attacks
- gnupg (Gnu Privacy Guard) signatures, safe mail communication
it is sad to know that the X.org server might give away much security. The concern is stated in many places. It is for instance:
The X server allows an X client to:
- Snoop on the screen by reading its contents.
- Snoop on the keyboard.
- Take control of other X clients by sending them keyboard and mouse events.
- Impersonate other X clients by using their names in window title bars.
- Discover what other X clients are running.
- Steal the input focus.
- Deny service by grabbing the pointer or keyboard or the whole server.
- Deny service by consuming the X server's resources.
source: http://plash.beasts.org/wiki/X11Security
The above would mean that some software running in the X server (this is almost every program that has graphical output, i.e. is not running on the command line) can make itself a keylogger.
The Linux file system keeps the permissions that are set, and by this User A can be restricted from accessing User B's files.
In the X.org X server it is hard to keep program A from accessing the X server resources of program B. So by having installed a malicious Firefox addon + using a sudo ... on gnome-terminal you might have done enough to give away remote root access.
This is why I want to learn / ask about alternatives to X.org's X server software (in Ubuntu). At best an alternative that keeps the programs' graphic resources (windows, keyboard input) separated!
Maybe this is a comprehensive description of the problem that drives my search for an alternative: http://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html
xorg security alternative
edited Jan 20 at 12:20
dessert
asked Dec 28 '12 at 8:53
humanityANDpeace
1 Answer
Wayland is supposed to be a complete replacement for X, not an addon, and it addresses the problems which concern you. Note that at the moment Wayland is not production ready and there is limited driver and toolkit support for it.
It seems that Ubuntu does not have any plans to integrate Wayland at the moment, and wants to create its own display server called Mir, which may also address some of your security concerns. Mir is also not ready for general use.
DirectFB is a bare bones solution for embedded systems which gives programs direct access to the video card's framebuffer. It does not have any security mechanisms.
Another solution is not to run a GUI at all.
answered Mar 26 '13 at 18:57
Krzysztof Kosiński
Thanks for the answer! Still, not running a GUI cannot be honestly considered another solution for an "X"-alternative. If it is not a **G**(graphical) UI then it ain't an alternative. I am looking forward to Wayland. As you describe, it might at last bring some improvements. The security holes via GUI are considerable at present. The Wayland security is also well discussed here: lwn.net/Articles/517375
– humanityANDpeace
Mar 26 '13 at 19:14
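A defensive check related to the thread above, as an added example that is not part of the original question or answer: it reports whether GUI clients in the current session share one X server (the situation the question describes) and who is allowed to connect to it. It goes beyond the thread by also covering Xwayland and `xhost`; the function names and the sample `xhost` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Classify client isolation from the values of XDG_SESSION_TYPE,
# WAYLAND_DISPLAY and DISPLAY (passed as arguments so it can be tested).
display_isolation() {
    session_type=$1
    wayland_display=$2
    x_display=$3
    if [ "$session_type" = "wayland" ] || [ -n "$wayland_display" ]; then
        if [ -n "$x_display" ]; then
            # An X server (Xwayland) is reachable: X11 apps still share it.
            echo "wayland+xwayland"
        else
            echo "wayland"
        fi
    elif [ -n "$x_display" ]; then
        # Classic X.org session: every client talks to the same server.
        echo "x11-shared"
    else
        echo "no-gui"
    fi
}

# Read `xhost` output on stdin and print one finding per relevant line.
xhost_findings() {
    while IFS= read -r line; do
        case $line in
            "access control disabled"*) echo "OPEN: any host may connect" ;;
            "access control enabled"*) ;;
            INET:*|INET6:*) echo "REMOTE: $line" ;;
            LOCAL:) echo "LOCAL-ALL: every local user may connect" ;;
            SI:localuser:*) echo "USER: ${line#SI:localuser:}" ;;
            "") ;;
            *) echo "OTHER: $line" ;;
        esac
    done
}

# Constructed sample of `xhost` output, for offline use.
sample_xhost() {
    printf '%s\n' \
        "access control enabled, only authorized clients can connect" \
        "SI:localuser:alice" \
        "INET:build-host.example" \
        "LOCAL:"
}

echo "session: $(display_isolation "${XDG_SESSION_TYPE:-}" "${WAYLAND_DISPLAY:-}" "${DISPLAY:-}")"
if [ -n "${DISPLAY:-}" ] && command -v xhost >/dev/null 2>&1; then
    xhost 2>/dev/null | xhost_findings || true
else
    sample_xhost | xhost_findings
fi
```

A result of `x11-shared` or `wayland+xwayland` means the X clients in that session can still reach each other's windows and input through the shared X server; every `USER`, `REMOTE`, `LOCAL-ALL` or `OPEN` line widens the set of processes that get that access.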