Hutterer: X servers no longer allow byte-swapped clients
Hutterer: X servers no longer allow byte-swapped clients
Posted Jan 7, 2023 21:40 UTC (Sat) by NYKevin (subscriber, #129325)In reply to: Hutterer: X servers no longer allow byte-swapped clients by psychon
Parent article: Hutterer: X servers no longer allow byte-swapped clients
Well, unless someone is running a BE server with a LE client that is potentially malicious. Or the LE server is potentially malicious and we're trying to protect the BE client. Do real users care about either of those problems? The latter seems really weird IMHO because usually the server is "my computer" and the client is "the other computer," and the former implies a rather unusual hardware configuration.
Posted Jan 8, 2023 10:12 UTC (Sun)
by whot (subscriber, #50317)
[Link] (2 responses)
Parts of the X protocol are written so that you don't know what to swap until you've parsed everything else before. e.g. requests with lists of items where each item is of different length (including, iirc, sometimes the length defined by some type field). So basically - you need a full X server to parse enough of the protocol to byte-swap everything. And that's a fair bit of effort that realistically no-one is going to step up to do. libxcb would probably help with that a lot, but that's been on the wishlist for at least 15 years now.
Posted Jan 9, 2023 21:14 UTC (Mon)
by NYKevin (subscriber, #129325)
[Link] (1 responses)
Posted Jan 10, 2023 9:18 UTC (Tue)
by geert (subscriber, #98403)
[Link]
The proper way to handle this would be to fix the endianness in the protocol, and have a grace period, like we did for ext2fs (little endian) and XFS (big endian) decades ago. Unfortunately it's a bit late for that, and a short grace period won't work, as there may be clients that cannot be updated easily. Network protocol compatibility is different from file system compatibility, where you can just convert the file system once, and be done with it (there were never many big-endian ext2 file systems in the first place, as the problem was identified and solved early).
[1] None of my BE hardware is supported by contemporary X servers, as Xorg dropped the support for that "exotic" hardware a while ago. So in reality, I only care about using BE clients connecting to an LE server on modern hardware, which is fast enough to make the byte-swapping overhead unnoticeable.
Posted Jan 9, 2023 12:47 UTC (Mon)
by geert (subscriber, #98403)
[Link] (2 responses)
Seriously, this breaks interoperability with other (non-Xorg) systems. If this was Linux, it would be reverted at the blink of an eye ("Do not break userpace ABI people depend on").
Less-serious: will IPv7 be little-endian?
Posted Jan 9, 2023 13:40 UTC (Mon)
by geert (subscriber, #98403)
[Link] (1 responses)
Posted Jan 19, 2023 17:00 UTC (Thu)
by mrugiero (guest, #153040)
[Link]
Hutterer: X servers no longer allow byte-swapped clients
Hutterer: X servers no longer allow byte-swapped clients
Hutterer: X servers no longer allow byte-swapped clients
So this really divides the world in two distinct universes.
And if distros mitigate this interoperability problem by enabling the support by default, the attack vector stays the same.
Hutterer: X servers no longer allow byte-swapped clients
Hutterer: X servers no longer allow byte-swapped clients
Hutterer: X servers no longer allow byte-swapped clients