RL_Dane, 1 year ago

@alanc

Oops, I'm still using xdm on a couple boxes (mostly because it made me feel nostalgic -- (re?)-discovered it because it's default in #OpenBSD.

I guess I should migrate to lightdm :/

I like how simple xdm is that to configure, though

@XOrgFoundation

alanc, 1 year ago

@RL_Dane @XOrgFoundation I believe #OpenBSD uses their own xenodm fork now that @mherrb maintains - but while there is no one actively maintaining X.Org’s xdm now, the community is still merging patches and making releases, so it’s not abandoned like many of the other projects.

RL_Dane, 1 year ago

@alanc @XOrgFoundation @mherrb

Good to know. :D

Yes, you're right -- OpenBSD's Xorg is a fork, or at least a patched version that implements some clever privilege separation takes advantage of some of their own cool security-related syscalls.

It was one of my favorite #OpenBSD features.

mherrb, 1 year ago

@RL_Dane @alanc @XOrgFoundation xenodm was forked to make the code maintainable again for me. xdm is a piece of ifdef spaghetti to support many (obsolete) Unix variants.
And testing any code cleanup on all the remaining supported systems is also quite hard. So the only reasonable way was to drop support for all but OpenBSD.
We also droped XDMCP altogether in the proces for various reasons.
And got some pledge() sandboxing. Unveil() may be coming next.

RL_Dane, 1 year ago

@mherrb @alanc @XOrgFoundation

Ah, yes. I was not sad to see XDMCP go. I mean, it was a pretty cool feature for maintaining unix systems, but VNC serves that purpose ok, and unencrypted protocols just need to go away, already. ;)

(I'm sure its removal was more about code maintainability than security, but nonetheless ;)

P.S. Ah yes, pledge() and unveil(). I was trying to remember the name of those calls, but I've been away from OpenBSD for a couple months now :)