• d_k_bo@feddit.org
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    12
    ·
    26 days ago

    By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

    Maybe we should stop writing security critical software in memory unsafe languages. I now this vulnerability was introduced a long time ago, but given that major Wayland compositors are still written in C, something like this isn’t too unlikely to happen again.

    • superkret@feddit.org
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      1
      ·
      26 days ago

      Let’s re-write all currently existing software in Rust, then there will be no more security holes, and every computer will be safe forever.

    • leo85811nardo@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      3
      ·
      26 days ago

      Wait till bro find out the program written in the “memory safe language” depends on many libraries written in C

    • Possibly linux
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      26 days ago

      The problem is a huge codebase that no one understands.

    • woelkchen@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      26 days ago

      major Wayland compositors are still written in C

      KWin is written in C++ but yes, it’s not a “safe” language.

      something like this isn’t too unlikely to happen again.

      With at least three mainstream implementations – KWin, Mutter, and wlroots – it’s highly unlikely that all would ever be equally affected by one bug.