The XMir Security Issue Should Now Be Resolved
Yesterday we passed along news of an XMir security issue where using Canonical's X11 transition layer in communicating with the Mir display server, when performing a VT switch the XMir session can still read input from devices. Fortunately, this issue looks to now be resolved.
This XMir security issue is rather pressing since when doing a VT switch, the XMir session could still read usernames/passwords and other information when logging into a virtual terminal.
With Mir's revision 1003 as of hours ago, focus notifications are now sent to the client that should workaround this security issue. Expect new Mir packages to appear in the Ubuntu 13.10 repository in due time. We're also waiting on more Mir features to land ahead of the Ubuntu 13.10 feature freeze next week.
This XMir security issue is rather pressing since when doing a VT switch, the XMir session could still read usernames/passwords and other information when logging into a virtual terminal.
With Mir's revision 1003 as of hours ago, focus notifications are now sent to the client that should workaround this security issue. Expect new Mir packages to appear in the Ubuntu 13.10 repository in due time. We're also waiting on more Mir features to land ahead of the Ubuntu 13.10 feature freeze next week.
13 Comments