Why is X11 a security risk in servers?

Solution 1

Ubuntu's community documentation explains the real reasons why it's not recommended to run a GUI on a production server system:

Most Ubuntu Server developers do not recommend installing X on a server. There are multiple reasons for not installing a GUI.

Some reasons to not install a GUI include:

  1. You'll have more code subject to security vulnerabilities, more packages that need updating, and more server downtime.
  2. X11 and desktop packages are not supported for the full 5 year lifecycle of the LTS server release.
  3. Performance may suffer because resources (memory, hard disk space, CPU, etc.) will be consumed by the GUI.
  4. It is best practice to only install needed software on a production server.
  5. The GUI may include other network services that are inappropriate for a server.
    1. One of the goals of Ubuntu Desktop Edition is to make it easier for users to use Linux. When installing some desktop environments, services that you may not specifically want will be installed. For example avahi-daemon, which is used to help configure networking, adds another open port and may introduce unwanted DNS conflicts with a .local domain.

So for the most secure server it is best to not install a GUI.

"ServerGUI" by "Contributors to the Ubuntu documentation wiki", reproduced here as permitted by CC-BY-SA 3.0.

Contrary to a somewhat common misconception, X11 being a server really has nothing to do with why running a GUI on a production server is considered to be non-ideal from a security perspective. X11 is virtually never configured by default to be accessible over a network anymore, on any operating system. No version of Ubuntu has ever had X11 run a network-accessible server in the default configuration. (To access X11 on Ubuntu via TCP, you have to forward it through SSH or manually reconfigure the server.)

Furthermore, even if X11 did run a network-accessible server, this would not be a reason not to have it installed on a production server system. Anyone running a production server is presumably capable of configuring it for their needs and auditing it to make sure undesirable services are not running. (If they cannot, that will pose a far greater threat to their security than would be created by having a GUI installed.) Even if X11 had to have a port listening on a physical network interface (which is not the case), the port could easily be blocked by reconfiguring the built-in netfilter using iptables (or a higher-level frontend like ufw).

In contrast, the problems listed above are not so easy to overcome by reconfiguration.

Solution 2

This is because the X Window System poses a serious security risk if it is not properly secured. An X11 "display" is the X11 server running on your desktop, and includes the screen, keyboard and mouse. If your X11 display is insecure, it will allow a program running anywhere on the Internet to connect to it and the connection may be completely invisible to you. Once connected, that program has full access to your display, which means that it can:

  • View and copy your screen's contents, using standard X11 utility programs;
  • Monitor your keystrokes;
  • Remotely control any browser on your desktop and forge keystrokes as if you were typing them yourself (although not all X11 applications are susceptible to this).

A rule of thumb is NOT to use xhost + -- it completely disables your display's security.

A good way is to forward X through ssh.

Taken from: http://www2.slac.stanford.edu/computing/security/xwindow/

Solution 3

Every running process is a security risk. Particularly those which listen on a network port (X11 does).

General good practice is not to run anything on a server that doesn't absolutely need to be there, and X11 certainly doesn't need to be on a server that you'll SSH into.

I doubt the article you read was talking about a specific vulnerability in X11 (it would have been fixed if so, vulnerabilities don't tend to hang around unfixed for long), but rather just general good practice.
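A defender-side check of what the three answers above claim, added here as an example and not part of any of the posts: a POSIX shell script that reads ss -ltun output (constructed samples are embedded so it runs offline) and flags an X display bound to a non-loopback TCP port 6000+N or avahi's mDNS port, plus a check of xhost output for the disabled access control that xhost + leaves behind. The function names and the --live flag are this example's own.

```shell
#!/bin/sh
# Constructed `ss -ltun` output from a host where X was started without
# -nolisten tcp (display :0 on TCP 6000) and avahi-daemon is running.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
tcp   LISTEN 0      128    [::]:6000          [::]:*
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*'
# Constructed output from a server running only sshd and a local-only CUPS.
SAMPLE_SS_OK='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*'
# Constructed `xhost` output before and after someone ran `xhost +`.
SAMPLE_XHOST_OK='access control enabled, only authorized clients can connect
SI:localuser:admin'
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'

# Read `ss -ltun` output on stdin and print one line per exposure the answers
# warn about: an X display (TCP 6000+N) or mDNS (UDP 5353) bound to a
# non-loopback address. Prints nothing when the host is clean.
x11_exposure_findings() {
    awk '$1 == "tcp" || $1 == "udp" {
        addr = $5
        n = split(addr, p, ":"); port = p[n] + 0
        host = substr(addr, 1, length(addr) - length(p[n]) - 1)
        loopback = (host == "127.0.0.1" || host == "[::1]")
        if ($1 == "tcp" && port >= 6000 && port <= 6063 && !loopback)
            print "X11 display :" (port - 6000) " accepts TCP connections on " host
        if ($1 == "udp" && port == 5353 && !loopback)
            print "mDNS (avahi-daemon) listening on " host ":5353"
    }'
}
# Number of findings, for callers that want to branch on it.
x11_exposure_count() {
    x11_exposure_findings | grep -c . || true
}
# Succeed when `xhost` output on stdin reports access control disabled,
# which is exactly the state `xhost +` leaves the display in.
xhost_is_wide_open() {
    grep -q '^access control disabled'
}
# Live mode (this example's own flag): audit the current host with iproute2's ss.
if [ "${1:-}" = "--live" ]; then
    ss -ltun | x11_exposure_findings
    xhost 2>/dev/null | xhost_is_wide_open && echo "xhost access control is disabled"
fi
```

On a default Ubuntu install the live run prints nothing for X, which is the point made in Solution 1; a finding for a display means the server was started without -nolisten tcp.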


Author: Orcris

Updated on September 18, 2022

Comments

  • Orcris
    Orcris almost 2 years
    I remember reading that servers do not have a GUI because X11 is a security risk. Why?

  • flo
    flo over 12 years
    This article is some 10 years old. Is the information still valid?
  • Christopher B. Adkins
    Christopher B. Adkins over 12 years
    On most modern Linux distributions (like Ubuntu) the X server by default doesn't listen on a network port but only accepts local connections via domain sockets.
  • Amith KK
    Amith KK over 12 years
    @FlorianDiesch Even on the unconfigured one from server?
  • flo
    flo over 12 years
    Big +1 for mentioning that X11 is a network server.
  • Christopher B. Adkins
    Christopher B. Adkins over 12 years
    Amith: Yes. xinit/startx uses -nolisten tcp by default
  • alanc
    alanc over 11 years
    xhost + can't override -nolisten tcp though, it just opens you up to any connection from the localhost.
  • psusi
    psusi over 10 years
    10.04 had a different support lifetime for server vs. desktop, 12.04 and later do not. Also, an idle gui does not consume any cpu, and the ram it uses will be swapped out.
  • Eliah Kagan
    Eliah Kagan over 10 years
    @psusi The point about the support lifecycle change is a good one. As for CPU and RAM issues, (1) I disagree from experience that an idle GUI never consumes CPU, and (2) if a GUI is running, then when someone is working at the local machine, they're likely using it, whether they want to or not, and that will cause it to consume more CPU and memory resources. However, points 1, 4, and 5 really are (and probably always have been) the most significant reasons to consider not having a GUI run on a production server, and they are independent of support lifecycle or resource utilization issues.
  • Wadih M.
    Wadih M. over 6 years
    May I add that Xorg also runs as root by default.
  • phil294
    phil294 about 6 years
    Would these issues be solved by starting an xserver for each application individually?