top | item 25974745

(no title)

canofbars | 5 years ago

No one who understands wayland was under the delusion that wayland would protect against an application which has full access to your user directory. Wayland becomes secure when combined with an application sandbox using SELinux/flatpak. Previously you could sandbox the app and X would provide an escape.

discuss

znpy|5 years ago

Yes, I am aware about this.

Yet the most common way to denigrate Xorg is to assert that Xorg is basically a keylogger. Which might be true, but as this post shows just switching to Wayland doesn't offer any additional protection under the key-logging point of view.

You might combine a sandboxing technique with Xorg too, by the way.

kaba0|5 years ago

I can’t understand what is so hard to understand... under Xorg a program even with a traditional sandbox in which it can’t do anything, but display a window IS basically capable of keylogging everything, getting a root password etc. On wayland with the same sandbox you are safe from said attack — this exploit works by tampering with dynamic libs, but that is not available inside a sandbox and it is simply pedantic. It’s like saying a car failed a crash test when they throw it off a building and it arrived on its top..