The way X11 developers ended up fixing this is by creating Wayland. This way privileged operations (like keylogging, screen capture, etc) require the cooperation and authentication through the display server.
That sort of solution is cancer if you want to do anything the display server authors didn't think of. I've got a script that I invoke with a global hotkey that determines the window title of the currently focused window and fuzzy matches it against pipewire audio stream names so I can mute the focused window with a single keypress. If I want that to work in Wayland I'm pretty much up shit creek because somebody with their head in the clouds thinks that my needs are super dangerous or something.
Wayland devs for the longest time thought implementing what was needed for accessibility (mainly, global keyboard hooks for Orca to work) was a security problem. Nevermind the fact that nobody hacks X servers, or your wayland compositor, because if I wanted to hook your keyboard with a keylogger, I'd hook it through evdev. And then you wouldn't even know let alone be able to do much about it if I did it properly.
Wayland doesn't say "this is impossible", it says "this is out of scope of the core display protocol, implement this somewhere else".
Which, well, we do. Practically all the X usecases are covered on Wayland systems now. Screen sharing, screen clipping, global hotkeys, file pickers, getting the window title like you said... I can do all of that on KDE, right now, under Wayland.
Good. Disallowing software to position its own windows has been a major usability improvement over the X11 days of software making stupid positioning decisions and having to patch it out everywhere...
Fixing X11's security would of broken window positioning as well. Since that is a security issue.
The deal here is that the only way to fix X11's security issues is by breaking all those types of workflows and forcing application rewrites to implement them in authenticated ways.
So if you are going have to go and break all that stuff, why not fix a crapload of other problems while you are at it?
Calling Wayland "X13" may have avoided a lot of misunderstandings, but it probably would of caused others.
mikkupikku|4 months ago
ethin|4 months ago
array_key_first|4 months ago
Which, well, we do. Practically all the X usecases are covered on Wayland systems now. Screen sharing, screen clipping, global hotkeys, file pickers, getting the window title like you said... I can do all of that on KDE, right now, under Wayland.
justin66|4 months ago
Hey come on man, a locking screen saver is a totally niche application. No demand for that.
tuna74|4 months ago
embedding-shape|4 months ago
accelbred|4 months ago
lotharcable|4 months ago
The deal here is that the only way to fix X11's security issues is by breaking all those types of workflows and forcing application rewrites to implement them in authenticated ways.
So if you are going have to go and break all that stuff, why not fix a crapload of other problems while you are at it?
Calling Wayland "X13" may have avoided a lot of misunderstandings, but it probably would of caused others.
unknown|4 months ago
[deleted]
kasabali|4 months ago
X.org developers, not X11 developers.