back

X Security

It's worse than it looks

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration: 01:01:08
Language: English
Abstract: For the past year, I've been looking at the implementation of X.org code. both client and server. During this presentation, I'll give an overview of the good, the bad and the ugly.

Since late 2012 I've been looking for security bugs in X.org code. Both Server and Client code. In this talk I will give an architectural overview of all the discovered attack surfaces which would include:

- client network protocol parser
- server network protocol parser
- data passed on from Server to extensions
- Shared memory
- parsers
- ACL's
- ...

I will also discuss security issues found therein. I will also discuss interaction with various developers and how that process went.

Talk ID: 5499
Event:: 30C3
Day: 3
Room: Saal 1
Start: 6:30 p.m.
Duration: 01:00:00
Track: Security & Safety
Type of: lecture
Speaker: Ilja van Sprundel
Talk Slug & media link: 30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel

English

0.0%

100.0%

Work on this video on Amara!

This talk has a pad for the transcript, please use this instead of the amara editor: Etherpad
Shortcut to the video files: CDN Video Link or YouTube Video Link use this with otranscribe.com

X Security

It's worse than it looks

Work on this video on Amara!

Please check: