Announcement

Collapse
No announcement yet.

Wayland Remote Desktop May Come To Fedora 29

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Yes, your example is such a use case, which I already mentioned before. Simply don't input anything sensitive (you *can* input sudo password though) when you have an untrusted firefox running (i.e. if you've visited shady sites in that session).

    And btw, this should apply regardless of X being secure or not. The point is that exploits exist, even for Wayland, so it's only sane to do this no matter what.

    If you really ought to input something sensitive, then kill all firefox user apps (sudo pkill -9 --uid firefoxUser) before commencing. No, it's not inconvenient, you can just make a script and add sudoers rule so that it can happen with 1 click (no need to even input password).
    Last edited by Weasel; 06-09-2018, 10:52 AM.

    Comment


    • #22
      Originally posted by johnc View Post
      X has had this for 25 years. Nice to see them catching up though.
      And when X received support 25 years ago, it already existed longer than Wayland, so it's only normal that Wayland is playing catch-up.

      Comment


      • #23
        Originally posted by Weasel View Post
        Yes, your example is such a use case, which I already mentioned before. Simply don't input anything sensitive (you *can* input sudo password though) when you have an untrusted firefox running (i.e. if you've visited shady sites in that session).

        And btw, this should apply regardless of X being secure or not. The point is that exploits exist, even for Wayland, so it's only sane to do this no matter what.

        If you really ought to input something sensitive, then kill all firefox user apps (sudo pkill -9 --uid firefoxUser) before commencing. No, it's not inconvenient, you can just make a script and add sudoers rule so that it can happen with 1 click (no need to even input password).
        This is insanity. Virtually every single gui application today is so complex that you cannot trust it. Are you going to kill every single gui application then you do anything sensitive on your machine every time? Heck, you actually need to kill any application running by your untrusted users because X only allows to discriminate on a per user basis.

        Comment


        • #24
          No you only need to do that with applications that you allow to be online. You should not let them access the internet by default, in my opinion.

          Of course, I'm not saying that Wayland has worse security than X or the same. But people speak as if X is so insecure that as soon as you plug the internet your PC is compromised. And Wayland tries way too hard to secure itself at the expense of important features, which I can't get behind.

          If you run all apps you trust without internet access then just add a rule to e.g. iptables -A OUTPUT -m owner --uid-owner username -j DROP

          Comment


          • #25
            Originally posted by Weasel View Post
            No you only need to do that with applications that you allow to be online. You should not let them access the internet by default, in my opinion.

            Of course, I'm not saying that Wayland has worse security than X or the same. But people speak as if X is so insecure that as soon as you plug the internet your PC is compromised. And Wayland tries way too hard to secure itself at the expense of important features, which I can't get behind.

            If you run all apps you trust without internet access then just add a rule to e.g. iptables -A OUTPUT -m owner --uid-owner username -j DROP
            1. Which features are you missing? The shitty X11 remote access with horrible latency? The other two thinks I can think of are a screen recorder (which we are getting as part of the compositer there it should go and not as a god like application which can just do what ever it wants) and global hotkeys. All of which people are working on and are trying to standardize and get actually better solutions then we had in the past. And while I like that, I can count the occurrences I used this features on one hand. Am I missing something here?
            2. You need to do that with any app which gets untrusted input. So not only internet access but also filesystem access to untrusted files which means its all apps by default.
            And I repeat again, this is insane, noone on this planet does that.

            Comment


            • #26
              Originally posted by Weasel View Post
              Yes, your example is such a use case, which I already mentioned before. Simply don't input anything sensitive (you *can* input sudo password though) when you have an untrusted firefox running (i.e. if you've visited shady sites in that session).

              And btw, this should apply regardless of X being secure or not. The point is that exploits exist, even for Wayland, so it's only sane to do this no matter what.

              If you really ought to input something sensitive, then kill all firefox user apps (sudo pkill -9 --uid firefoxUser) before commencing. No, it's not inconvenient, you can just make a script and add sudoers rule so that it can happen with 1 click (no need to even input password).
              LOL
              I'm just really glad that you're on your own with this mindset, or the year of the Linux desktop would never come in a million years.

              Comment


              • #27
                Originally posted by Weasel View Post
                Snippet from that opinon

                I look at Wayland and think, "hmm... that's a probably-interesting solution to a set of problems I just don't have."

                I've never in my life seen this "tearing" that people keep complaining about. OTOH I use X's network transparency daily
                "Set of problems I just don't have" - Just because you don't have them, doesn't mean they don't exist. If they're so happy with X, just use X, you have to go out of your way to use Wayland currently, so I don't see the problem.

                "I've never seen tearing" - Works on my machine, therefore it doesn't exist. Flawless argument, absolutely watertight. They've got me there.

                "I use X's network transparency daily" - most current implementations of X are not network transparent. So if you're using VNC or anything like that, you're not using network transparency. You're using the same type of thing being implemented in Wayland i.e. a compressed image being sent over the network. If you are using some arcane network transparency feature from X when it was actually network transparent, then I don't think it's fair to say you're a good representation of the average Linux desktop user.

                Comment


                • #28
                  Originally posted by pininety View Post

                  So virtually any program using qt5 or gtk3?

                  Most programs utilizing a framework shouldn't really care about wayland vs X11 because they are doing exactly the same, render locally and then handing over the buffer to have it displayed.

                  There are a few differences, I admit, like global hotkeys or screen recording but that is mainly due to the more secure design of wayland over X11 (with wayland, a virus cannot alter for example the output of firefox by just drawing over it or collecting all your keystrokes of a different program.) It is really hard to distinguish a keylogger from a program looking for keystrokes to do hotkeys so thats were some work is afaik still missing.
                  which programs need to be converted to make them compliant with wayland? As example Krita, gimp, kolourpaint the browasers as chromium or firefox or falkon....

                  Comment


                  • #29
                    Originally posted by Weasel View Post
                    The basic rule in unix is: run an application under the same user as the one you gave sudo access to, and you implicitly TRUST it. If you're afraid of keyloggers for example (and exploits will always exist no matter of idealistic bs, there have been wayland keyloggers already).
                    There is a difference between exploits and "no enforcement whatsoever" X11 does not even enforce limits, any application can just snoop every other.

                    Also the "I run only stuff I trust" model was right maybe when the computers were running DOS and other simple stuff, in the modern world it's simply flawed and opens the door to malware.

                    Comment


                    • #30
                      Originally posted by Weasel View Post
                      Yes, your example is such a use case, which I already mentioned before. Simply don't input anything sensitive (you *can* input sudo password though) when you have an untrusted firefox running (i.e. if you've visited shady sites in that session).

                      And btw, this should apply regardless of X being secure or not. The point is that exploits exist, even for Wayland, so it's only sane to do this no matter what.

                      If you really ought to input something sensitive, then kill all firefox user apps (sudo pkill -9 --uid firefoxUser) before commencing. No, it's not inconvenient, you can just make a script and add sudoers rule so that it can happen with 1 click (no need to even input password).
                      I'm here wondering why you think only Wayland exploits matter, while there cannot be exploits in the rest of the system that make futile all the circus you're doing here.

                      I mean, the linux kernel does offer namespaces, cgoups and other security features that go above and beyond the basic "user separation" for a reason.
                      Last edited by starshipeleven; 06-10-2018, 10:08 AM.

                      Comment

                      Working...
                      X