[Xquartz-dev] Is XQuartz safe to use?
Olbert, Nils
i17026 at hb.dhbw-stuttgart.de
Wed Mar 11 08:58:11 PDT 2020
Hi,
thanks for your answer.
Regarding the "broken" x11-users-list simply visit https://lists.apple.com/mailman/listinfo/x11-users and try to register. I tried multiple mail addresses and passwords (also this mail address) and always got an error after clicking onto subscribe. I just tried it again, the problem still seems to be present.
Kind regards,
Nils Olbert
________________________________
Von: Xquartz-dev <xquartz-dev-bounces at lists.macosforge.org> im Auftrag von Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Gesendet: Montag, 9. März 2020 00:38:36
An: Developer talk about Xquartz
Betreff: Re: [Xquartz-dev] Is XQuartz safe to use?
On Mar 8, 2020, at 07:03, Olbert, Nils <i17026 at hb.dhbw-stuttgart.de<mailto:i17026 at hb.dhbw-stuttgart.de>> wrote:
Hello,
I am not completely sure if this is the right mailing list for asking this question, but since the x11-users list seems to be broken (you cannot register as a subscriber (results in a "We're sorry, we hit a bug!"-Error)
Can you point me to the link you are using? I can file a ticket to look into it.
, nor seem incoming messages to be processed (I sent this question to that list before in early February)), I am gonna ask it here:
There are messages on the list from February.
<mailto:x11-users at lists.apple.com>
The last version of XQuartz available for download is from 2016.
Yeah, that's the last time I had any free time to package everything up into a release, and nobody has stepped up to take that over. If you want the latest versions, I suggest using MacPorts to install it.
Since then, some serious security vulnerabilities has been spotted in X, f.e. CVE-2017-10972 or https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=x.org .
Is XQuartz immune to all of them or must installing XQuartz be considered as a security issue?
I'm not aware of any that I'd consider extremely alarming. Most of the vulnerabilities that I recall were around privilege escalation to root because Xorg runs as root on other platforms. Since the server runs as the user on macOS, that's not as big a concern.
Kind regards,
Nils Olbert
_______________________________________________
Xquartz-dev mailing list
Xquartz-dev at lists.macosforge.org<mailto:Xquartz-dev at lists.macosforge.org>
https://lists.macosforge.org/mailman/listinfo/xquartz-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/xquartz-dev/attachments/20200311/e0dedb8b/attachment.htm>
More information about the Xquartz-dev
mailing list