Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"What's your setup like?"

Currently I'm using an old, slow laptop, with a graphics card integrated in to the motherboard. Nothing special. But I don't do any demanding graphics processing on it. I just watch movies and use web browsers and a terminal. I don't play graphically intense games on it.

"With regards to security, the main issue is that X11 provides no isolation between applications, allowing them to listen to keystrokes and the"

I don't see why this should concern me or 90% of X users, because if any malware manages to run on our systems it'll already have full control over them without needing to resort to any kind of keystroke sniffing in X.

I'm struggling to think of a scenario where malware's running on the same machine with access to a single X session, which doesn't already have full control over the account whose keystrokes they'd be presumably sniffing. They could just substitute their own malware versions of web browsers, shells, editors, or whatever other software the user uses and sniff keystrokes in there, without needing to touch X.

Not that it hurts to have more isolation than you get in X, but I'd need a lot more convincing for me to give up the convenience I already enjoy with X.

Can someone paint me a realistic, relatively common threat scenario where not having Wayland's isolation would actually present a serious security risk?



Right, if you already have malware running on your system, all bets are off. However, I'm sure you're aware that large applications like Chromium have tons of vulnerabilities, which is why they come with a sandbox to protect against exploitation. X11 is one of the biggest holes in these sandbox solutions. Replacing X11 with Wayland would plug this hole. I'd argue that security is something the average user cares about.


If your web browser is compromised, that's malware running on your system right there.

A compromised web browser doesn't need X to control the rest of your system. It can usually already write all over your system and perform all sorts of other attacks, including substituting applications, paths, LD_LIBRARY_PATH, etc.. not to mention try kernel exploits and the like -- not that they'd need to on a single-user system, as they could just get your sudo password by one of the other means mentioned above, all without touching X.

Anyway, if a typical user's browser is compromised, they're already completely screwed, as they typically access their online banking and webmail through it. Once again, the attacker does not need to touch X to get access to any of that.

To me it still sounds like Wayland's security model is trying to solve a niche problem that most X users don't really suffer from -- and charging an arm and a leg for it.


> It can usually already write all over your system and perform all sorts of other attacks

Not necessarily. Properly sandboxed applications like Chromium have a seccomp filter, separate pid/user/etc namespaces and bind mounts setup to isolate themselves from the rest of the system as much as possible.

> Anyway, if a typical user's browser is compromised, they're already completely screwed

It really depends on which part of the browser is compromised. Again, Chromium has some pretty good isolation. Having one malicious website exploit a vulnerability does not necessarily mean the attacker gets access to any of the other browser data.


If the browser as a whole has not been compromised, then internally it should be able to deal with the clipboard the same what that Wayland deals with it.

For instance, only the currently focused tab should have access to the X clipboard.


> If your web browser is compromised, that's malware running on your system right there.

This is a bit naive. Browsers execute malicious javascript on your system all the time. A V8 sandbox escape is worth retirement money for a reason.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: