On 12/22/22 10:24, Elizabeth K. Joseph wrote: >> This might not be as niche as you might think. I'm one of the >> Linux kernel maintainers for s390. Many of us do the vast majority of >> their development work natively on s390 systems via SSH from Fedora >> laptops. > > I first wanted to echo and confirm what Niklas says here. > > The crux of this issue seems to be "the code in the X server that > does this is virtually untested" so would more attention being paid > to this code help?
It certainly would, but there is another factor: Input validation bugs that would only be out-of-bounds reads with swapping disabled can easily turn into out-of-bounds writes with swapping enabled. The former is an information leak, but the latter can be exploited for code execution. > I can't make any promises, but it would be > valuable to know if this, or something else, is needed. I will also > bring this to the attention of the Open Mainframe Project Linux > Distributions Working Group, since all of the distros use this > byte-swapped code. Fuzzing the X server’s byte-swapping and input validation routines would be a good place to start. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
