-1 points

I absolutely am. Calling Wayland “something that has been broken for more than a decade” rather than “something that has been in active development for more than a decade” is also an interesting take. By that measure X.Org is “something that has been broken for almost two decades”, so let’s just not go there. And I’m not saying that Wayland magically makes everything secure. I’m saying that Wayland (or something like it) is a necessary step if we want a desktop that is secure. I have seen people propose something like nested sandboxed X servers with a single application for each as an alternative, but I think it’s probably better to actually fix the underlying problem.

That’s an interesting use case. It isn’t really anything I’ve had a need for, so I don’t know what the best way to do something like that is. If your compositor doesn’t allow it, could it perhaps be possible to run as a different user in a nested compositor, like Cage or gamescope? Also, how do you sandbox the applications’ X11 access? If they share the same server, then a sandboxed application can just wait for you to launch a terminal and use sudo, at which point it can inject a malicious command as root.

3 points

I don’t use systemd or logind so I don’t have to worry about such magic security violations this bogus pile of crap creates. I have more control of processes and don’t allow some “automated” service to be logging-in-out system users 2000 times a nanosecond as logind does.

It only happens when I want it to happen, not uncontrollably.

KISS is the best security measure.

@Ullebe1

0 points

So I guess your question wasn’t in good faith then, but just bait so you’d have an excuse to rant about things unrelated to my answer?

The security issue that Wayland helps solve has nothing to do with systemd or logind, so I’ll just ignore your tirade against them. If you don’t want to use them, then good on you.

The issue is an inherent issue with the X11 protocol. It can be worked around, but it can’t be fixed without something changing in the protocol on a fundamental level. The core premise that any client can be trusted unquestionably is broken and was broken the second browsers began running JavaScript. Not to mention all the other times most modern computers run opaque code of uncertain origins.

Keeping it simple is definitely a great basis to build a secure system upon, it just can’t stand alone because of reasons like the above.

2 points

What would js be able to do out of firejail or other such forms of containment?

I only allow js for very specific sites, and most that you can’t do without I just do without. I am not that worried about security though, it is just an exercise.

I use seatd with Wayland but it can be compiled without it too. My main issue is, as I said, I can’t just run “sudo -u user2 leafpad” for example. You say it is a security measure, I say it is an inconvenience.

@Ullebe1
