No announcement yet.

Years After Wayland 1.0, Will 2016 Be The Year Of The Wayland Desktop?

  • Filter
  • Time
  • Show
Clear All
new posts

  • #71
    Originally posted by erendorn View Post
    I don't care if an application can get root: everything important on my desktop (why I type, where I go on the internet, what I read, my browser password database, my files, these same files atacked by a cryptoransomware, etc...) are all accessible under my user permissions. User based permission is a completely useless security model in this case.
    It means that the system must be able to differentiate the user and the application running under its name, and authorize application actions using finer grained permissions.
    That's what's done in SELinux or apparmor, or in any mobile OS when you install some app.
    But for that to work, the system must be able to effectively deny an application acces to any non authorized resource, which, for input and screen access under X, you cannot.
    Problem is if your application gets root (user permissions are enough), wayland wont save you from anything it claims to prevent:
    You can set up some paranoid security settings with SELinux, like some people who actually run browsers from a different user, but you would not really want to work in such desktop. If you really need that kind of security, there is better solutions for the problem, like what Qubes OS does.