# Xorg-minimal vulnerability



## freejlr (Jan 22, 2021)

Hi, I am a new member and I have a question about the xorg-minimal package, when installing it on my screen I get an error 1.

He decided that he had to build the package by disabling the vulnerabilities. Well at the end of the installation it was obvious that when starting the X environment it would crash as it did not have the most basic packages such as xterm.

By complementing them, environment X was able to run. My question is what do you mean by vulnerability? In the normal xorg package, I didn't get any messages.

What kind of vulnerability exists in xorg-minimal that xorg doesn't have?


----------



## SirDice (Jan 22, 2021)

The vulnerability is in x11-servers/xorg-server which is dependency of both x11/xorg-minimal and x11/xorg. Look at the output of pkg-audit(8). 





__





						VuXML: xorg-server -- Multiple input validation failures in X server XKB extension
					





					vuxml.freebsd.org
				






freejlr said:


> In the normal xorg package, I didn't get any messages.


If you previously installed x11/xorg-minimal, removed it and then installed x11/xorg, x11-servers/xorg-server would already be installed.


----------



## tux2bsd (Jan 22, 2021)

freejlr said:


> it did not have the most basic packages such as xterm


xterm is a terminal emulator, it is additional software.

You are used to a desktop environment where all of the pieces have been gathered together for you.  What you are finding out is that that if you start with a blank slate you need to build yourself a working environment, one of which will be a Window Manger to use with Xorg and some basic utilities (e.g. xterm and other optional components like a file manager, browser etc)









						FreeBSD Handbook
					

A constantly evolving, comprehensive resource for FreeBSD users




					www.freebsd.org


----------



## SirDice (Jan 22, 2021)

Yes, the whole point of x11/xorg-minimal is that it doesn't include TWM and a bunch of applications (like Xterm) that come with the "full" Xorg installation. It just includes the bare minimum for an Xorg environment to build upon.


----------



## freejlr (Jan 25, 2021)

Well, I have read what the vulnerabilities deal with, they have nothing to do with the minimal package, if not with the xorg-server that is in both.

I run the X environment, as the Freebsd manual recommends with the privileges of the "wheel" group, there is a risk of being compromised the system?

If you fix the startx execution error problem, .xinitrc runs xterm, xclock, and twm. Install xterm and twm on my system, and remove xclock from .xinitrc so that it would stop getting errors in the X log.

I was looking at the pkg tool, and it has an option called audit that throws up some bug reports, just like you showed me.

On the other hand, I saw an option called autoremove, I remove a lot of unused packages, which were installed with the X environment, I don't see the point.

If I install the xorg package, when using the autoremove option, will it be practically xorg-minimal?

How much difference is there between these two packages? Only one does not have xterm, xclock etc ...

Thanks.


----------



## SirDice (Jan 25, 2021)

freejlr said:


> If I install the xorg package, when using the autoremove option, will it be practically xorg-minimal?


No, pkg-autoremove(8) removes unneeded dependencies. 



freejlr said:


> How much difference is there between these two packages? Only one does not have xterm, xclock etc ...


Yes, that's what I said earlier in post #4.


----------

