Wayland - yay or nay?

If any application runs natively on a computer in your user account it can get its claws at other application's data running in the same context. Tinkering with the symptoms doesn't change that.
 
Not true on Wayland. On Gnome Mutter this was explicitly rejected:
Umm... isn't this what spectre, meltdown and the rest were about? Nothing is truly secure. Using wayland instead of X doesn't make you invulnerable, although it might give you a warm fuzzy feeling of security. Sure, wayland closes off some known X11 vulnerabilities.... I wonder what new, currently unknown vulnerabilities it opens. And if you're worried about keylogging... use a wired keyboard, not wireless, to avoid your keypresses getting sniffed through the air!
 
Umm... isn't this what spectre, meltdown and the rest were about? Nothing is truly secure. Using wayland instead of X doesn't make you invulnerable, although it might give you a warm fuzzy feeling of security. Sure, wayland closes off some known X11 vulnerabilities.... I wonder what new, currently unknown vulnerabilities it opens. And if you're worried about keylogging... use a wired keyboard, not wireless, to avoid your keypresses getting sniffed through the air!
No. It's not the same class of vulnerabilities.

Apps should be restricted to the data they may access. Ideally sandboxed. This is called PoLA.

It's never ok that an app may sniff into another unless I explicitly want to.
 
unless I explicitly want to
Dobts.
If you can specify allowing access from others or not, malicious programs can possibly do it via known/unknown vulnerabilities.
The only way to close the hole would be mutually disallowing to share files in kernel level (or disk sector level by firmwares level). It's clearly useless (as even priviledged admins cannot fix broken config files of specific groups and/or users) in real world. So there's mutually trade-offs.
 
Dobts.
If you can specify allowing access from others or not, malicious programs can possibly do it via known/unknown vulnerabilities.
The only way to close the hole would be mutually disallowing to share files in kernel level (or disk sector level by firmwares level). It's clearly useless (as even priviledged admins cannot fix broken config files of specific groups and/or users) in real world. So there's mutually trade-offs.
It can be done and should be done at all levels, not just the kernel.

If Wayland could restrict keyloggers and X11 couldn't, then clearly X11 sucks.

I'm not saying Wayland is perfect, but I'm not a gamer and use the desktop only to increase my productivity and web browsing. Wayland delivers in this aspect, so no complaints from my side.

X11Libre fans will be disappointed when they break compatibility with all apps in ways worse than Wayland...
 
It can be done and should be done at all levels, not just the kernel.
My point is that the lower the layer is, the difficult to plug holes from higher layers. Not saying the kernel alone is responsible.

If Wayland could restrict keyloggers and X11 couldn't, then clearly X11 sucks.
Maybe true for now. But I think if anyone possible are interested in it, the people/group can fork xorg and/or XLibre and implement configurable option to plug it or not.

Don't forget that X is an old and kept on updated (to at least current 11) system.
And IIRC, key loggers are often found on Windows.

Another consideration is that at least some "customer supports" accesses end user's device and fixes the problems remotely (I've seen it in printed papers, thus, cannot point it). Even if on Wayland-based environment, such an softwares somehow "hijacks" the device. Of course, this kind of things are applicable with X11, too. Both can be in risks if there are these kind of backdoors.

And at least for me, Wayland is still (currently) nay as I still cannot find ways to configure it to fulfill my mutual requirements.
 
If Wayland could restrict keyloggers and X11 couldn't, then clearly X11 sucks.
Sadly neither can any more or less than each other. Both effectively "suck" for your use-case.

X11Libre fans will be disappointed when they break compatibility with all apps in ways worse than Wayland...
The fact that Wayland is a completely different API means that no matter what Xlibre does, it can't break compat worse than Wayland.
 
No. It's not the same class of vulnerabilities.

Apps should be restricted to the data they may access. Ideally sandboxed. This is called PoLA.

It's never ok that an app may sniff into another unless I explicitly want to.
That sounds like a type of security that would slow down general usage. I like the idea if I was going for it, but I prefer desktop speed and the idea everything I run is trusted enough to not need that layer of security.

That's my larger issue with Wayland: I hear of theoretical security improvements, but had to deal with an inconsistent mouse 8+ years that seemingly can't be better because of technical foundations of abstraction.
 
And if the security has the highest priority over costs including maintainance burden, energy consumptions, sizes, usabilities and so on, cutting edge mainframes without open systems (like using z/OS instead of z/Linux on z Series) would be "the only start point". Many of features related with security (like protections via MMUs) came from mainframes.
 
I don't use Wayland here because I still run apps on my machines in my basement while sitting at my desk with my laptop inserted into its base station here on the second floor of my home (with CAT6 running from the basement to various rooms of this 113 year old house). A powerful laptop generally used as an X terminal in the traditional sense. You can't do this with Wayland (except with Xwayland).
I don't do exactly this, but I have $WORK machines (laptops) that I ssh into with X forwarding so I can "emacs work files" because I hate the format of laptops (3/4 keyboards, small screens, etc)
If browsers were less scummy then the next bastion is the display server. But at this point, X11 IPC is the least of our worries.

The only thing I would trust at this point is online banking via an SSH session. But unfortunately the mouth-breathing public prefer insecurity rather than a lack of.... pictures.
Yep. :)

So if a primary driver of Wayland was "gaming", I think a reasonable follow on should be "what percentage of *nix users are playing games that require the high fps/whatever metric".
Now as far as games go, games designed for children (say less than 10 yrs old) I think have higher requirements than your latest shoot em up game. Why? Have you seen the attention span of a toddler?

My opinons only:
The patterns between "gaming" (typically full screen, single application on top) vs "General use of a windowed system" (browser, multiple terminal windows, ssh sessions, running make, etc) are 180 out of phase. If Wayland is trying to optimize for the gaming experience, that implies (to me) "We don't care about the general use case. We want the single application on top to have the best performance"
I think "Wayland is an answer to a specific set of requirements" but "Wayland is not THE answer to every use case"
 
Since I'm assuming wayland crap is going to seep into everything eventually, I'm starting to consider a side attack to maintain the same functionality I need (and get) in X11...I'll be examining the wayland protocol libraries and hacking them to allow the features I need, explicitly disabling the "my instructor said root access is bad" paranoia that kids are being taught these days. Anyone want to start a protocol and reference implementation fork?
 
re - wayland protection from key loggers. This is just plain silly. Granted, my driver experience is in Linux, but if freeBSD has the same usbmon type module that linux has then all USB traffic can be monitored, so no, wayland cannot prevent keylogging, since the keyboard is an HID driver class and is subject to the "kernel's" IO contraints.
 
So if a primary driver of Wayland was "gaming", I think a reasonable follow on should be "what percentage of *nix users are playing games that require the high fps/whatever metric".
8+ years mouse experience tells me gaming was in no way a priority for Wayland. "Gamers" were praising GNOME on Wayland before 42 somehow where mouse timings were the worst.

Edit: Ubuntu 25.04, GNOME 48 Wayland, and mouse at 125Hz seems fine and I can headshot on UT99. Not sure about high-Hz yet, but Wayland seems better nowadays!
 
Last edited:
That sounds like a type of security that would slow down general usage. I like the idea if I was going for it, but I prefer desktop speed and the idea everything I run is trusted enough to not need that layer of security.
CPU mitigations are the only thing that slow down CPU's but I only disable them on VM's where I don't use any credentials with networking. Otherwise I keep them on.

Speed has never been an issue on recent hardware with SSD drives since 15 years ago. Everyone encrypts their hard drives now.
 
re - wayland protection from key loggers. This is just plain silly. Granted, my driver experience is in Linux, but if freeBSD has the same usbmon type module that linux has then all USB traffic can be monitored, so no, wayland cannot prevent keylogging, since the keyboard is an HID driver class and is subject to the "kernel's" IO contraints.
You need root privileges for that. Root can do anything. Don't compare that with a random X11 app that can sniff and inject anything running rootless.
 
I might have above-average speed and can notice SSD encryption enough to not use it even on NVMe + CPU AES :p
I don't notice it even on a Raspberry Pi 5b with ZFS and LUKS on Debian.

I do notice it on FreeBSD though. Something should be done about it.

I hate that Linux devs made crypto functions EXPORT_GPL_ONLY that made them unusable by ZFS, so ZFS had to implement their own. That's why I avoid ZFS native encryption, but some people use it anyway.
 
re - wayland protection from key loggers. This is just plain silly. Granted, my driver experience is in Linux, but if freeBSD has the same usbmon type module that linux has then all USB traffic can be monitored, so no, wayland cannot prevent keylogging, since the keyboard is an HID driver class and is subject to the "kernel's" IO contraints.

There are one trillion ways to get at another process' keyboard input if the attacking process is an unrestricted (no sandbox) process running in the same user ID. Starting with ptrace(2), aka the debugging interface.
 
I don't do exactly this, but I have $WORK machines (laptops) that I ssh into with X forwarding so I can "emacs work files" because I hate the format of laptops (3/4 keyboards, small screens, etc)

Yep. :)

So if a primary driver of Wayland was "gaming", I think a reasonable follow on should be "what percentage of *nix users are playing games that require the high fps/whatever metric".
Now as far as games go, games designed for children (say less than 10 yrs old) I think have higher requirements than your latest shoot em up game. Why? Have you seen the attention span of a toddler?

My opinons only:
The patterns between "gaming" (typically full screen, single application on top) vs "General use of a windowed system" (browser, multiple terminal windows, ssh sessions, running make, etc) are 180 out of phase. If Wayland is trying to optimize for the gaming experience, that implies (to me) "We don't care about the general use case. We want the single application on top to have the best performance"
I think "Wayland is an answer to a specific set of requirements" but "Wayland is not THE answer to every use case"
Wayland is excellent for gaming. That's the reason I really want it to work on my Nvidia RTX 4060. I'm giving up like 11 FPS in some games...But it's not a priority. Just fun to test games. :D
 

Demonstration of a wayland keylogger here. Admittedly this example is on linux, but I would expect similar would apply to freebsd.

"The purpose of this project is to illustrate how the strace utilitycan be used to catch all input events (mouse, keyboards, ...) within a Wayland session when the compositor is not protected against PTRACE."

He goes on to recommend some methods that can be used to prevent the attack, but says it's basically pointless.

Clearly this is a discussion that has been running for some time.

So... whether wayland is any more secure than X11... I have my doubts.
 
Back
Top