https://threatpost.com/x-org-flaw-allows-privilege-escalation-in-linux-systems/138624/
It is said that leveraging the vulnerability is possible from a remote SSH session. Say an attacker was able to successfully gain a remote SSH session in an untrusted VM, do you think it would be possible to gain full control through Qubes' implementation of X.org?

I checked around and, if I understand it right, Qubes utilizes X.org in order to integrate the display of PVH VM applications to what the user can/must see. Because of this, what's in my mind right now is that it's possible to leverage this vulnerability to gain full control, but since I don't have an idea of the code or how exactly Qubes' implementation of X.org works, I would like to kindly ask for your thoughts about this matter.

Earlier I was about to remove setuid of Xorg, but I thought it has a good chance of breaking my desktop environment altogether, and that would be a lot of trouble for me.
