Wayland - yay or nay?

If any application runs natively on a computer in your user account it can get its claws at other application's data running in the same context. Tinkering with the symptoms doesn't change that.
 
rbranco said:
Not true on Wayland. On Gnome Mutter this was explicitly rejected:
gitlab.gnome.org

Allow Xwayland application keylogging (#2565) · Issues · GNOME / mutter · GitLab

Feature summary Due to how Wayland works, it blocks applications from viewing keypresses when not focused (without root access). However, in...
gitlab.gnome.org gitlab.gnome.org
Click to expand...
Umm... isn't this what spectre, meltdown and the rest were about? Nothing is truly secure. Using wayland instead of X doesn't make you invulnerable, although it might give you a warm fuzzy feeling of security. Sure, wayland closes off some known X11 vulnerabilities.... I wonder what new, currently unknown vulnerabilities it opens. And if you're worried about keylogging... use a wired keyboard, not wireless, to avoid your keypresses getting sniffed through the air!
 
blackbird9 said:
Umm... isn't this what spectre, meltdown and the rest were about? Nothing is truly secure. Using wayland instead of X doesn't make you invulnerable, although it might give you a warm fuzzy feeling of security. Sure, wayland closes off some known X11 vulnerabilities.... I wonder what new, currently unknown vulnerabilities it opens. And if you're worried about keylogging... use a wired keyboard, not wireless, to avoid your keypresses getting sniffed through the air!
Click to expand...
No. It's not the same class of vulnerabilities.

Apps should be restricted to the data they may access. Ideally sandboxed. This is called PoLA.

It's never ok that an app may sniff into another unless I explicitly want to.
 
rbranco said:
unless I explicitly want to
Click to expand...
Dobts.
If you can specify allowing access from others or not, malicious programs can possibly do it via known/unknown vulnerabilities.
The only way to close the hole would be mutually disallowing to share files in kernel level (or disk sector level by firmwares level). It's clearly useless (as even priviledged admins cannot fix broken config files of specific groups and/or users) in real world. So there's mutually trade-offs.
 
T-Aoki said:
Dobts.
If you can specify allowing access from others or not, malicious programs can possibly do it via known/unknown vulnerabilities.
The only way to close the hole would be mutually disallowing to share files in kernel level (or disk sector level by firmwares level). It's clearly useless (as even priviledged admins cannot fix broken config files of specific groups and/or users) in real world. So there's mutually trade-offs.
Click to expand...
It can be done and should be done at all levels, not just the kernel.

If Wayland could restrict keyloggers and X11 couldn't, then clearly X11 sucks.

I'm not saying Wayland is perfect, but I'm not a gamer and use the desktop only to increase my productivity and web browsing. Wayland delivers in this aspect, so no complaints from my side.

X11Libre fans will be disappointed when they break compatibility with all apps in ways worse than Wayland...
 
rbranco said:
It can be done and should be done at all levels, not just the kernel.
Click to expand...
My point is that the lower the layer is, the difficult to plug holes from higher layers. Not saying the kernel alone is responsible.

rbranco said:
If Wayland could restrict keyloggers and X11 couldn't, then clearly X11 sucks.
Click to expand...
Maybe true for now. But I think if anyone possible are interested in it, the people/group can fork xorg and/or XLibre and implement configurable option to plug it or not.

Don't forget that X is an old and kept on updated (to at least current 11) system.
And IIRC, key loggers are often found on Windows.

Another consideration is that at least some "customer supports" accesses end user's device and fixes the problems remotely (I've seen it in printed papers, thus, cannot point it). Even if on Wayland-based environment, such an softwares somehow "hijacks" the device. Of course, this kind of things are applicable with X11, too. Both can be in risks if there are these kind of backdoors.

And at least for me, Wayland is still (currently) nay as I still cannot find ways to configure it to fulfill my mutual requirements.
 
rbranco said:
If Wayland could restrict keyloggers and X11 couldn't, then clearly X11 sucks.
Click to expand...
Sadly neither can any more or less than each other. Both effectively "suck" for your use-case.

rbranco said:
X11Libre fans will be disappointed when they break compatibility with all apps in ways worse than Wayland...
Click to expand...
The fact that Wayland is a completely different API means that no matter what Xlibre does, it can't break compat worse than Wayland.
 
rbranco said:
No. It's not the same class of vulnerabilities.

Apps should be restricted to the data they may access. Ideally sandboxed. This is called PoLA.

It's never ok that an app may sniff into another unless I explicitly want to.
Click to expand...
That sounds like a type of security that would slow down general usage. I like the idea if I was going for it, but I prefer desktop speed and the idea everything I run is trusted enough to not need that layer of security.

That's my larger issue with Wayland: I hear of theoretical security improvements, but had to deal with an inconsistent mouse 8+ years that seemingly can't be better because of technical foundations of abstraction.
 
And if the security has the highest priority over costs including maintainance burden, energy consumptions, sizes, usabilities and so on, cutting edge mainframes without open systems (like using z/OS instead of z/Linux on z Series) would be "the only start point". Many of features related with security (like protections via MMUs) came from mainframes.
 
cy@ said:
I don't use Wayland here because I still run apps on my machines in my basement while sitting at my desk with my laptop inserted into its base station here on the second floor of my home (with CAT6 running from the basement to various rooms of this 113 year old house). A powerful laptop generally used as an X terminal in the traditional sense. You can't do this with Wayland (except with Xwayland).
Click to expand...
I don't do exactly this, but I have $WORK machines (laptops) that I ssh into with X forwarding so I can "emacs work files" because I hate the format of laptops (3/4 keyboards, small screens, etc)
kpedersen said:
If browsers were less scummy then the next bastion is the display server. But at this point, X11 IPC is the least of our worries.

The only thing I would trust at this point is online banking via an SSH session. But unfortunately the mouth-breathing public prefer insecurity rather than a lack of.... pictures.
Click to expand...
Yep. :)

So if a primary driver of Wayland was "gaming", I think a reasonable follow on should be "what percentage of *nix users are playing games that require the high fps/whatever metric".
Now as far as games go, games designed for children (say less than 10 yrs old) I think have higher requirements than your latest shoot em up game. Why? Have you seen the attention span of a toddler?

My opinons only:
The patterns between "gaming" (typically full screen, single application on top) vs "General use of a windowed system" (browser, multiple terminal windows, ssh sessions, running make, etc) are 180 out of phase. If Wayland is trying to optimize for the gaming experience, that implies (to me) "We don't care about the general use case. We want the single application on top to have the best performance"
I think "Wayland is an answer to a specific set of requirements" but "Wayland is not THE answer to every use case"
 
Since I'm assuming wayland crap is going to seep into everything eventually, I'm starting to consider a side attack to maintain the same functionality I need (and get) in X11...I'll be examining the wayland protocol libraries and hacking them to allow the features I need, explicitly disabling the "my instructor said root access is bad" paranoia that kids are being taught these days. Anyone want to start a protocol and reference implementation fork?
 
re - wayland protection from key loggers. This is just plain silly. Granted, my driver experience is in Linux, but if freeBSD has the same usbmon type module that linux has then all USB traffic can be monitored, so no, wayland cannot prevent keylogging, since the keyboard is an HID driver class and is subject to the "kernel's" IO contraints.
 
mer said:
So if a primary driver of Wayland was "gaming", I think a reasonable follow on should be "what percentage of *nix users are playing games that require the high fps/whatever metric".
Click to expand...
8+ years mouse experience tells me gaming was in no way a priority for Wayland. "Gamers" were praising GNOME on Wayland before 42 somehow where mouse timings were the worst.

Edit: Ubuntu 25.04, GNOME 48 Wayland, and mouse at 125Hz seems fine and I can headshot on UT99. Not sure about high-Hz yet, but Wayland seems better nowadays!
 
Last edited:
Espionage724 said:
That sounds like a type of security that would slow down general usage. I like the idea if I was going for it, but I prefer desktop speed and the idea everything I run is trusted enough to not need that layer of security.
Click to expand...
CPU mitigations are the only thing that slow down CPU's but I only disable them on VM's where I don't use any credentials with networking. Otherwise I keep them on.

Speed has never been an issue on recent hardware with SSD drives since 15 years ago. Everyone encrypts their hard drives now.
 
kent_dorfman766 said:
re - wayland protection from key loggers. This is just plain silly. Granted, my driver experience is in Linux, but if freeBSD has the same usbmon type module that linux has then all USB traffic can be monitored, so no, wayland cannot prevent keylogging, since the keyboard is an HID driver class and is subject to the "kernel's" IO contraints.
Click to expand...
You need root privileges for that. Root can do anything. Don't compare that with a random X11 app that can sniff and inject anything running rootless.
 
Espionage724 said:
I might have above-average speed and can notice SSD encryption enough to not use it even on NVMe + CPU AES :p
Click to expand...
I don't notice it even on a Raspberry Pi 5b with ZFS and LUKS on Debian.

I do notice it on FreeBSD though. Something should be done about it.

I hate that Linux devs made crypto functions EXPORT_GPL_ONLY that made them unusable by ZFS, so ZFS had to implement their own. That's why I avoid ZFS native encryption, but some people use it anyway.
 
kent_dorfman766 said:
re - wayland protection from key loggers. This is just plain silly. Granted, my driver experience is in Linux, but if freeBSD has the same usbmon type module that linux has then all USB traffic can be monitored, so no, wayland cannot prevent keylogging, since the keyboard is an HID driver class and is subject to the "kernel's" IO contraints.
Click to expand...

There are one trillion ways to get at another process' keyboard input if the attacking process is an unrestricted (no sandbox) process running in the same user ID. Starting with ptrace(2), aka the debugging interface.
 
mer said:
I don't do exactly this, but I have $WORK machines (laptops) that I ssh into with X forwarding so I can "emacs work files" because I hate the format of laptops (3/4 keyboards, small screens, etc)

Yep. :)

So if a primary driver of Wayland was "gaming", I think a reasonable follow on should be "what percentage of *nix users are playing games that require the high fps/whatever metric".
Now as far as games go, games designed for children (say less than 10 yrs old) I think have higher requirements than your latest shoot em up game. Why? Have you seen the attention span of a toddler?

My opinons only:
The patterns between "gaming" (typically full screen, single application on top) vs "General use of a windowed system" (browser, multiple terminal windows, ssh sessions, running make, etc) are 180 out of phase. If Wayland is trying to optimize for the gaming experience, that implies (to me) "We don't care about the general use case. We want the single application on top to have the best performance"
I think "Wayland is an answer to a specific set of requirements" but "Wayland is not THE answer to every use case"
Click to expand...
Wayland is excellent for gaming. That's the reason I really want it to work on my Nvidia RTX 4060. I'm giving up like 11 FPS in some games...But it's not a priority. Just fun to test games. :D
 
github.com

GitHub - schauveau/sway-keylogger: Simple keylogger for Wayland compositors that are not protected against ptrace.

Simple keylogger for Wayland compositors that are not protected against ptrace. - schauveau/sway-keylogger
github.com github.com

Demonstration of a wayland keylogger here. Admittedly this example is on linux, but I would expect similar would apply to freebsd.

"The purpose of this project is to illustrate how the strace utilitycan be used to catch all input events (mouse, keyboards, ...) within a Wayland session when the compositor is not protected against PTRACE."

He goes on to recommend some methods that can be used to prevent the attack, but says it's basically pointless.

Clearly this is a discussion that has been running for some time.

So... whether wayland is any more secure than X11... I have my doubts.
 
You must log in or register to reply here.
Back
Top