Am 05.02.2017 um 06:38 schrieb Shridhar Daithankar:
this point is about the insecurity of the X Windows System architecture, which basically assumes that all applications are to be trusted. There is no build in security, therefore failing modern threat models completly.
This explains it pretty well I guess: https://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-... isolation.html
ok. It confirms my understanding that X clients can listen to each other's events and modify them.
But in xwayland, things are bit different.
As the thread suggests, if there is a separate X server instance per xwayland application, they won't be able to snoop on each other.
Sounds like what some sandboxing tools try to do with xpra and other additional x instances.
However the default on wayland/xwayland is as described. You can easily try weston. Just install and enter 'weston' and you will get a weston instance where you can try this out with xinput
Btw. to fully prevent keyloggin on wayland, you need to do more, e.g. by sandboxing, since there are ways to work around the security of wayland where the default linux security model is weaker then that of the wayland architecture.
More info here: https://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyl oggers/
Exactly. If I am running chromium with firejail, which whitelists what chromium can do to the file system(even better with --private); the browser cannot tamper with .profile/.bash_profile or .ssh.
Not so sure using firejail will not actually decrease security in light of the recent wave of local root exploits...