[–] kevincox 4y ago ↗ > The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).That is a very significant step. I wonder if this applies to Wayland users as well or if this was already a non-issue. [–] alophawen 4y ago ↗ The issue with Xorg is that it runs as root by default (there seems to be ways to run it as non-root according to Gentoo Wiki, but I'm pretty sure most popular distros runs it as root).One of the selling points of wayland is that it does not.EDIT: See child replies. I am outdated info. [–] kevincox 4y ago ↗ I don't think most distributions run X as root anymore. But it does generally have a lot of access as it can open apps and log keys.XWayland definitely doesn't run as root, but still has a lot of access to any X applications that you are running. [–] alophawen 4y ago ↗ Thanks for pointing that out. I'm not up to date on this. [–] kup0 4y ago ↗ I wonder if this will break the hardware acceleration I've enabled to run in Firefox in X11 by using the VAAPI flags/etc [–] WhyNotHugo 4y ago ↗ It's less of an issue on Wayland.Clients can't randomly snoop onto what others are doing (e.g.: record keystrokes while on background).There's still _some_ attack surface on Wayland, but less than there was on Xorg.BTW: Note sure if this feature was implemented for Wayland, but it sounds like it wasn't.
[–] alophawen 4y ago ↗ The issue with Xorg is that it runs as root by default (there seems to be ways to run it as non-root according to Gentoo Wiki, but I'm pretty sure most popular distros runs it as root).One of the selling points of wayland is that it does not.EDIT: See child replies. I am outdated info. [–] kevincox 4y ago ↗ I don't think most distributions run X as root anymore. But it does generally have a lot of access as it can open apps and log keys.XWayland definitely doesn't run as root, but still has a lot of access to any X applications that you are running. [–] alophawen 4y ago ↗ Thanks for pointing that out. I'm not up to date on this.
[–] kevincox 4y ago ↗ I don't think most distributions run X as root anymore. But it does generally have a lot of access as it can open apps and log keys.XWayland definitely doesn't run as root, but still has a lot of access to any X applications that you are running. [–] alophawen 4y ago ↗ Thanks for pointing that out. I'm not up to date on this.
[–] kup0 4y ago ↗ I wonder if this will break the hardware acceleration I've enabled to run in Firefox in X11 by using the VAAPI flags/etc
[–] WhyNotHugo 4y ago ↗ It's less of an issue on Wayland.Clients can't randomly snoop onto what others are doing (e.g.: record keystrokes while on background).There's still _some_ attack surface on Wayland, but less than there was on Xorg.BTW: Note sure if this feature was implemented for Wayland, but it sounds like it wasn't.
6 comments
[ 2.9 ms ] story [ 7.7 ms ] threadThat is a very significant step. I wonder if this applies to Wayland users as well or if this was already a non-issue.
One of the selling points of wayland is that it does not.
EDIT: See child replies. I am outdated info.
XWayland definitely doesn't run as root, but still has a lot of access to any X applications that you are running.
Clients can't randomly snoop onto what others are doing (e.g.: record keystrokes while on background).
There's still _some_ attack surface on Wayland, but less than there was on Xorg.
BTW: Note sure if this feature was implemented for Wayland, but it sounds like it wasn't.