On Sunday 5 February 2017 6:10:51 AM IST sivmu wrote: > Am 05.02.2017 um 05:16 schrieb Shridhar Daithankar: > > On Saturday 4 February 2017 7:28:31 AM IST sivmu wrote: > >> As long as the application has access to the xwayland instance, which is > >> by default the case when xwayland is available, it can influence all > >> other applications that still use the x-protcol. > > > > Just to understand, if there are two applications using xwayland, under a > > wayland session, will they be still able to look at each other's > > resources? > > > > If the answer is no, the security is equivalent to the wayland > > applications, since xwayland instance is essentially a sandbox? > > Not sure what you mean with resources. devices and events, mostly. > this point is about the insecurity of the X Windows System architecture, > which basically assumes that all applications are to be trusted. There > is no build in security, therefore failing modern threat models completly. > > This explains it pretty well I guess: > https://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-> isolation.html ok. It confirms my understanding that X clients can listen to each other's events and modify them. But in xwayland, things are bit different. https://lists.freedesktop.org/archives/wayland-devel/2014-January/012777.html As the thread suggests, if there is a separate X server instance per xwayland application, they won't be able to snoop on each other. > Btw. to fully prevent keyloggin on wayland, you need to do more, e.g. by > sandboxing, since there are ways to work around the security of wayland > where the default linux security model is weaker then that of the > wayland architecture. > > More info here: > https://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyl > oggers/ Exactly. If I am running chromium with firejail, which whitelists what chromium can do to the file system(even better with --private); the browser cannot tamper with .profile/.bash_profile or .ssh. -- Regards Shridhar
