Robᵉʳᵗ Graham @ErrataRob
Today we've been talking about the Xorg bug. What is Xorg? To understand this, we have to time travel back to the 1980s.
Back in the day, Unix was for big computers located in the data center. Users connected to these using terminals. You are familiar with the command-line terminals, but "graphical terminals" also existed.
Much like how Telnet/SSH are the protocols for remote text terminals that we use today, "X Windows" is the protocol for graphical terminals.
Even when your Unix machine has a local graphical screen, X Windows is still the way that most applications make graphical things happen on the local screen. Conceptually, the user is still at some distance from the kernel, even on the local machine.
It's the operating system kernel that has physical access to the hardware; user-mode programs don't. In theory, every graphical kernel call needs to validate user permissions. This has become difficult in recent years with 3D graphics, which need a HUGE attack surface.
So graphics, even on systems without X Windows, have become a frequent target for local privilege escalation. That even includes remote exploits in browsers that use 3D acceleration.
There are many implementations of X Windows, but Xorg's has been the default for Linux and BSD systems for decades. It's synonymous with the Linux GUI and/or X Windows.
Things like Gnome are "window managers", an ancient concept from the 1980s that separates management of windows from the contents of windows. Since your terminal can have windows created by more than one external computer, management needs to be separate.
So for Xorg, instead of doing fine-grained system calls for every draw operation, with the costly step of checking user permissions every single time, it's easier just to give it root permissions with 'setuid'.
Most apps on Linux can run remotely: just add the --display on the end of the command to cause them to open a window remotely instead of locally. Other apps bypass X Windows and write to the local "frame buffer", especially video and games.
Newer things like Android discard this X Windows nonsense, because it's nonsense, and are just GUIs on top of the frame buffer. So even though Android is Linux underneath, there is no X Windows. There are, however, X Windows apps so that you can use your phone as an X terminal.
Most Linux users I know, when they want a remote GUI, just use VNC instead. With VNC, the app renders the pixels locally, compresses the image, and sends it to a remote computer.
Not having X Windows doesn't mean you are good, though. Microsoft with its GDI system is prone to all sorts of funny performance, scalability, and security issues. On the other hand, their remote terminal services is the best in the business.
Because X Terminal and VNC are good enough for Linux, they've done nothing better for remote terminals. Because Microsoft's Windows sucks for remote in theory, they've done extraordinary, heroic things to make their Terminal Services better than Linux.