Remote OpenGL

Cook, Rich cook47 at
Fri May 27 21:45:37 UTC 2016

Thanks for the pointer to the actual change.  
The commit message there also says, wrongly, "Almost every situation of someone running indirect GLX is a mistake that results in X Server crashes.  Indirect GLX is the cause of regular security vulnerabilities, and rarely provides any capability to the user. " 
The vulnerabilities are a real concern.  However, the attitude that it "rarely provides any capability" is the thing that alarms me because it's so obviously incorrect, and it is this that I'm trying to make clear -- we use it all the time here and there are many places like us around the world doing so.  Large linux clusters are actually quite common for scientific applications and running OpenGL applications on those clusters to do remote work is also quite common.  
I'm glad IGLX is not going away, but still concerned that either I'm misunderstanding or that the developers of XOrg are missing this important use case in their analyses.  
-- Rich 

> On May 27, 2016, at 12:35 PM, Alan Coopersmith <alan.coopersmith at> wrote:
> On 05/27/16 11:20 AM, Cook, Rich wrote:
>> I'm glad to hear that one of the core X server maintainer is saying that it is not going "completely" away.
> The previous statement on IGLX when it was disabled was:
> and said "Just disable it unless someone wants to enable it for their special use case (using +iglx on the command line)." not "Just disable it so we can
> delete it soon."
>> Regarding the exploitable bugs, can anyone mention or point to a couple?
> See the "GLX extension" entries on:
> -- 
> 	-Alan Coopersmith-              alan.coopersmith at
> 	 Oracle Solaris Engineering -

✐Richard Cook   
✇ Lawrence Livermore National Laboratory
Bldg-453 Rm-4024, Mail Stop L-557        
7000 East Avenue,  Livermore, CA, 94550, USA
☎ (office) (925) 423-9605    
☎ (fax) (925) 423-6961
Information Management & Graphics Grp., Services & Development Div., Integrated Computing & Communications Dept.
(opinions expressed herein are mine and not those of LLNL)

More information about the xorg mailing list