Wayland - yay or nay?

And it doesn't matter whether you're using X11 or wayland if someone is sniffing your keyboard over the air with an SDR.


Or if they have physical access to the machine... I'm sure smaller ones than this are available. Or the whole cable is replaced and has the logger built in. Or the logger has been placed inside the keyboard. If in doubt, use brute force.

 
I wonder if there is a version of pegasus or similar tools that runs on freebsd. It wouldn't be a surprise. Not expecting anyone to answer!

Remember the old motto: "If in danger, or in doubt, run in circles, scream, and shout." And just to be sure, take the microphone out of your phone and tape over the laptop camera, like in that movie.
 

Demonstration of a wayland keylogger here. Admittedly this example is on linux, but I would expect similar would apply to freebsd.

"The purpose of this project is to illustrate how the strace utility can be used to catch all input events (mouse, keyboards, ...) within a Wayland session when the compositor is not protected against PTRACE."

He goes on to recommend some methods that can be used to prevent the attack, but says it's basically pointless.

Clearly this is a discussion that has been running for some time.

So... whether wayland is any more secure than X11... I have my doubts.
This keylogger needs ptrace and it can be prevented.

Wayland is way more secure than X11 because any X app can sniff and hijack another without ptrace.
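
A way to check the ptrace precondition discussed in the posts above, as an added example that is not part of any post in this thread: it reads the Linux Yama `kernel.yama.ptrace_scope` setting or the FreeBSD `security.bsd.unprivileged_proc_debug` sysctl and reports whether an unprivileged same-user process may attach to another process. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: report whether an unprivileged process may ptrace-attach
# to another process of the same user (what a strace-based logger needs).
# Function names are made up for this example.

# Linux: interpret kernel.yama.ptrace_scope (0-3).
classify_yama() {
    case "$1" in
        0) echo "open: any same-user process may attach" ;;
        1) echo "restricted: only an ancestor or declared tracer may attach" ;;
        2) echo "admin-only: attaching needs CAP_SYS_PTRACE" ;;
        3) echo "disabled: no process may attach" ;;
        *) echo "unknown: unexpected ptrace_scope value '$1'" ;;
    esac
}

# FreeBSD: interpret security.bsd.unprivileged_proc_debug (0 or 1).
classify_freebsd() {
    case "$1" in
        1) echo "open: unprivileged processes may use ptrace" ;;
        0) echo "admin-only: process debugging is limited to privileged users" ;;
        *) echo "unknown: could not read unprivileged_proc_debug" ;;
    esac
}

# Pick the right check for this OS (or for the OS name passed as $1).
ptrace_policy() {
    os=${1:-$(uname -s)}
    case "$os" in
        Linux)
            f=/proc/sys/kernel/yama/ptrace_scope
            if [ -r "$f" ]; then
                classify_yama "$(cat "$f")"
            else
                # Without Yama the classic same-user rule applies,
                # unless another LSM restricts it.
                echo "open: Yama is not enabled"
            fi ;;
        FreeBSD)
            classify_freebsd \
                "$(sysctl -n security.bsd.unprivileged_proc_debug 2>/dev/null)" ;;
        *) echo "unknown: no check implemented for $os" ;;
    esac
}

ptrace_policy
```

A "restricted" result still lets whatever process launched the compositor trace it, so it blocks attaching to an already-running session but not a compositor started under a tracer.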
 
It's certainly a fair criticism of X11, however I'm not convinced that wayland is 'way more secure'. I think both systems have vulnerabilities and a determined attacker would be able to hack into both, or more likely would simply ignore the graphics layer and go straight for the web browser, which is the main attack surface. Or let's put it this way, if wayland really is invulnerable to all such attacks, then it would be a world first. Fortunately(!) I don't have any friends working for 'Fancy Bear', 'APT31' or 'Violet Typhoon' so I can't 100% verify my claim! 😁
 
With X11, it's a vulnerability (a bug considered a feature) in the protocol itself. Wayland disallows this nonsense.

The other vectors apply to everything. Given enough privileges you can do anything.

Any determined actor will get to you, but this is no excuse to make it easier for them.
 
To answer to OP:
I've been tempted to switch to Wayland for a longer time and when the shenanigans with desktop-related packages in May happened (for example: https://forums.freebsd.org/threads/pkg-upgrade-killed-mate.97771/#post-700815), and it killed my gnome-desktop setup, it encouraged me to finally move to Wayland. Although I had GNOME set up quite well (tiling and everything), I dislike GNOME out of principle and there were still some things that did not work (why can't I specify my screenshot folder and setting it in dconf-editor gets ignored? dconf-editor is another piece of crapware, reminds me of Windows registry). The last point of resistance of completely switching to Wayland was BricsCAD and my laziness to set up window and workspace rules in Hyprland properly, so I've been using openbox to run BricsCAD only. Today (it seems) I solved that and now it seems that everything is in order, happily using Hyprland and everything works just as it was in X. I'm not a very demanding user though, normal desktop usage. Not sure how 3D games and stuff work, I may try making Steam happen some day, but I'm getting this, which is encouraging:

~ $ glxinfo | grep -i direct
direct rendering: Yes

Setting up a consistent environment with QT and GTK toolkits made me hate both those toolkits and stupid inconsistencies in both. If you don't have GNOME or KDE tools to do the setup automagically for you, it may be really annoying, trying to set up a nice theme across all GUI programs with qt6-ct, lxappearance and manually editing files in ~/.config/gtk-[2,3,4].0

Hello everyone,

I've been avoiding Wayland on Linux for some time, but I was provided a work machine with KDE Plasma that works great and is very fluid, and I wasn't aware that it's running on Wayland. E.g. there were absolutely 0 problems with it and I didn't even have to know what underlying DS that Linux is using.

I know there's a myriad of threads here but versions are moving and support is getting better all the time. So what's the current status, I can see it works on FreeBSD, does it work nicely all the time, and do all X apps work normally under Xwayland? How about DRI eg 3D ones?

I presume that everything using Qt and GTK will natively switch to wayland, I'm curious about the "old" X stuff. It's common to have a previous, not up to date version of some infrequently used piece of software in ports.

Currently, I have KDE 5 on X11 on 14.0 and it's working well. I guess several forum people have moved and are daily driving Wayland and/or KDE, so give out your story/verdict: is this a good move to be doing now?

Thanks
 
FWIW, I only have one machine currently at an OS level where I can try "recent" weston/wayland binary packages. Linux Debian 12...The other day I decided to see if I could start the xwayland compatibility layer so I ran weston shell and then manually started xwayland, then twm and an xterm...so far, so good...However when I ran glmark2 (opengl benchmark) it crashed on one of the tests near the end, taking down the whole compositor. AMDGPU uses the DRM infrastructure so it sucks to begin with, but did weston/xwayland crash because wayland sucks or did it crash because AMDGPU/DRM is a boondoggle. The world may never know. LOL
 