Comment 14Y Re: X is from a different time

Story

Lack of GUI Isolation as Linux security flaw

Preview

X is from a different time (Score: 5, Interesting)

by mth@pipedot.org on 2014-04-18 13:47 (#146)

X is from a time when flexibility was considered more important than security. So I'm not surprised it is weak in this respect.

If you create a second login session at the display manager, I think that would be shielded from the first: they would be talking to the same X server, but to different displays. If I understand X correctly, snooping is possible between applications connected to the same display (X display, not a physical monitor).

Re: X is from a different time (Score: 3, Informative)

by Anonymous Coward on 2014-04-18 14:03 (#147)

That's kind of the issue: the author points out you can use the xtest application to essentially record keystrokes as they happen, even from someone typing into a root terminal. Her preference is for apps to be unable to communicate with each other, as I understand it, and she claims Windows Vista and up do a better job of addressing this weakness.

Re: X is from a different time (Score: 4, Informative)

by Anonymous Coward on 2014-04-21 07:35 (#14V)

It's true, and fixing this problem is one of the main motivations of wayland. Actually, wayland also fixes screengrabbing spyware, as graphics buffers are private to the applications and must be explicitly shared by them if desired.

In X there is no security, whatever has access to the server is fully trusted.

Re: X is from a different time (Score: 1, Insightful)

by Anonymous Coward on 2014-04-22 06:31 (#14Y)

No screenshots then.

Moderation

Time Reason Points Voter
2014-04-28 03:22 Insightful +1 bryan@pipedot.org

Junk Status

Marked as [Not Junk] by evilviper@pipedot.org on 2015-01-04 19:15