Really? Like not letting apps draw over other apps? As far as I know Windows still allows that, so does even Mac OS. I don’t know who in the industry decided that screenshotting is a bad behaviour and needs to be removed but maybe they should find a new industry, like fast food line work for example.
Allowing any app unrestricted access to the input and output of any other app (like in X11) is a terrible security practice. It allows for trivially easy keyloggers and makes horizontal movement to other apps after the first has been exploited super easy.
Many people’s answer to this is “then just don’t run untrusted apps, duh”, but that is a bad take since that isn’t realistic for 99% of users. People run things like Discord or Spotify or games or Nvidia drivers all the time, not to mention random JavaScript on various websites, so the security model should be robust in the presence of that kind of behaviour. Otherwise everyone is just a single sandbox escape in the browser away from being fully compromised by malware installed with root privileges. Luckily we know better now than when X11 was designed and that is the reason for things like Bubblewrap (used in Flatpak for sandboxing), portals and the security model of Wayland.
And in the end: the people who decided this are the people actually willing to do the work to build and maintain the Linux desktop stack. If anyone knows what the right approach is, it’s them.
Are you comparing 40years of graphical environment stability and global use with something that has been broken for more than a decade and now all of a sudden is portrayed as secure?
I want to start applications as another user in my own environment and my own system and wayland prevents me, while x11 allows me (together with many forms of sandboxing and containerization).
I have asked this question to all pretend to be experts of wayland and I have 0 responses.
I absolutely am. Calling Wayland “something that has been broken for more than a decade” rather than “something that has been in active development for more than a decade” is also an interesting take. By that measure X.Org is “something that has been broken for almost two decades”, so let’s just not go there. And I’m not saying that Wayland magically makes everything secure. I’m saying that Wayland (or something like it) is a necessary step if we want a desktop that is secure. I have seen people propose something like nested sandboxed X servers with a single application for each as an alternative, but I think it’s probably better to actually fix the underlying problem.
That’s an interesting use case. It isn’t really anything I’ve had a need for, so I don’t know what the best way to do something like that is. If your compositor doesn’t allow it, could it perhaps be possible to run as a different user in a nested compositor, like Cage or gamescope? Also, how do you sandbox the applications X11 access? If they share the same server, then a sandboxed application can just wait for you to launch a terminal and use sudo, at which point it can inject a malicious command as root.
I’m a cybersec MSc and the security model you’re describing is that of the clipboard.
Apps interacting with each other is also how just about anything works on a computer since multi tasking OSes.
Flatpaks and Snaps are also DOA along with Wayland lol.
Nice appeal to authority. Are you referring to a formalised security model (of which I’d love to read more, if you have a link?), or the actual clipboard on your PC?
But not all interaction is equal. Access control and granularity of permissions is something X11 is sorely lacking in, which Wayland has built in. Which is why X11 is a bad fit for common treat models and Wayland is not.
Ohh, @LainTrain@lemmy.dbzer0.com said so, so it must be true! I’ll let you keep believing that while I enjoy them and watch them grow in popularity and usage, just like Wayland.
