On 12/22/22 10:24, Elizabeth K. Joseph wrote:
>> This might not be as niche as you might think. I'm one of the
>> Linux kernel maintainers for s390. Many of us do the vast majority of
>> their development work natively on s390 systems via SSH from Fedora
>> laptops.
>
> I first wanted to echo and confirm what Niklas says here.
> The crux of this issue seems to be "the code in the X server that
> does this is virtually untested" so would more attention being paid
> to this code help?

It certainly would, but there is another factor: Input validation
bugs that would only be out-of-bounds reads with swapping disabled
can easily turn into out-of-bounds writes with swapping enabled.
The former is an information leak, but the latter can be exploited
for code execution.

> I can't make any promises, but it would be
> valuable to know if this, or something else, is needed. I will also
> bring this to the attention of the Open Mainframe Project Linux
> Distributions Working Group, since all of the distros use this
> byte-swapped code.

Fuzzing the X server’s byte-swapping and input validation routines
would be a good place to start.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
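
Added example, not part of the original message and not X server code: a sketch of why a missing length check that is only an over-read on the native path becomes an over-write once the request is byte-swapped in place. The wire format, function names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical wire format (not a real X11 request): a 16-bit item count n,
 * then n 16-bit items. The server decodes little-endian; a "swapped" client
 * sends big-endian, so the server byte-swaps the request in place first. */
enum { HDR = 2, ARENA = 16, REQ_LEN = 6 };
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void swap16(uint8_t *p) { uint8_t t = p[0]; p[0] = p[1]; p[1] = t; }
/* Validation bug: n is never checked against len, so this over-READS. */
static uint32_t sum_unchecked(const uint8_t *req, size_t len) {
    uint32_t sum = 0;
    (void)len;
    for (uint16_t i = 0, n = get16(req); i < n; i++) sum += get16(req + HDR + 2 * i);
    return sum;
}
/* Same bug on the swapped path: the swap loop WRITES past the request. */
static uint32_t swapped_sum_unchecked(uint8_t *req, size_t len) {
    swap16(req);
    for (uint16_t i = 0, n = get16(req); i < n; i++) swap16(req + HDR + 2 * i);
    return sum_unchecked(req, len);
}
/* Hardened: validate the swapped count against len before touching any item. */
static int swapped_sum_checked(uint8_t *req, size_t len, uint32_t *out) {
    if (len < HDR) return -1;
    uint16_t n = (uint16_t)((req[0] << 8) | req[1]);  /* decode without writing */
    if ((size_t)n * 2 > len - HDR) return -1;
    *out = swapped_sum_unchecked(req, len);           /* now known to be in bounds */
    return 0;
}
/* Constructed input: a 6-byte request claiming 4 items, placed in a larger arena
 * so the overrun lands on "neighbour" bytes but stays defined behaviour.
 * mode 0 = native unchecked, 1 = swapped unchecked, 2 = swapped checked. */
int neighbour_changed(int mode) {
    uint8_t arena[ARENA], before[ARENA];
    uint32_t out = 0;
    for (int i = 0; i < ARENA; i++) arena[i] = (uint8_t)(0xA0 + i);
    arena[0] = mode == 0 ? 4 : 0;   /* n = 4 in native order ... */
    arena[1] = mode == 0 ? 0 : 4;   /* ... or byte-swapped */
    memcpy(before, arena, ARENA);
    if (mode == 0) (void)sum_unchecked(arena, REQ_LEN);
    else if (mode == 1) (void)swapped_sum_unchecked(arena, REQ_LEN);
    else (void)swapped_sum_checked(arena, REQ_LEN, &out);
    return memcmp(arena + REQ_LEN, before + REQ_LEN, ARENA - REQ_LEN) != 0;
}
int main(void) {
    for (int m = 0; m < 3; m++) printf("mode %d: neighbour changed = %d\n", m, neighbour_changed(m));
    return 0;
}
```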