@RL_Dane@XOrgFoundation I believe #OpenBSD uses their own xenodm fork now that @mherrb maintains - but while there is no one actively maintaining X.Org’s xdm now, the community is still merging patches and making releases, so it’s not abandoned like many of the other projects.
Yes, you're right -- OpenBSD's Xorg is a fork, or at least a patched version that implements some clever privilege separation takes advantage of some of their own cool security-related syscalls.
@RL_Dane@alanc@XOrgFoundation xenodm was forked to make the code maintainable again for me. xdm is a piece of ifdef spaghetti to support many (obsolete) Unix variants.
And testing any code cleanup on all the remaining supported systems is also quite hard. So the only reasonable way was to drop support for all but OpenBSD.
We also droped XDMCP altogether in the proces for various reasons.
And got some pledge() sandboxing. Unveil() may be coming next.
Ah, yes. I was not sad to see XDMCP go. I mean, it was a pretty cool feature for maintaining unix systems, but VNC serves that purpose ok, and unencrypted protocols just need to go away, already. ;)
(I'm sure its removal was more about code maintainability than security, but nonetheless ;)
P.S. Ah yes, pledge() and unveil(). I was trying to remember the name of those calls, but I've been away from OpenBSD for a couple months now :)
Add comment