Originally posted by emblemparade
View Post
Announcement
Collapse
No announcement yet.
XWayland Initial Window Positioning Merged For Wayland's Weston
Collapse
X
-
Originally posted by emblemparade View PostAlso, Weston might be a useful compositor for tiny implementations in the embedded industry.
- Likes 1
Comment
-
Originally posted by bregma View Postit's unlikely anyone could exploit a backdoor in your in-car infotainment system and do anything nefarious
interactive applications would never ask for your Facebook password anyway.
Comment
-
Originally posted by bregma View PostAnd after all, devices like that would never be prone to security vulnerabilities. There's no way your video camera, for example, could become part of a botnet that could be used to DDoS the internet, so it's unlikely anyone could exploit a backdoor in your in-car infotainment system and do anything nefarious, and interactive applications would never ask for your Facebook password anyway.
Weston not being designed for max security is again irrelevant in this current situation.
Comment
-
Originally posted by SpyroRyder View Post
That depends on the car infotainment system being used. Ideally it wouldn't be able to mess with the rest of the car but increasingly often they are putting things that manage actual car functions into these systems. Added to that is that the entire industy doesn't know how to program securely because they have never had to in the past and you've got an interesting case for things going terribly wrong.
Unless they integrate a facebook login for some feature like a settings or data sync
The fact is people *will* have non-administrator password entry dialogs on connected devices, consumers don't check for the obscure hints that it's not legit, and if this Weston server is used complete with its known-exploitable security flaws in such a device, well, all your base are belong to us now.
The internet is a harsh place filled with predators. Production-quality display servers like Kwin, Mutter, and Mir do not support this particular exploit by design. The Wayland protocol does not even support this directly. I think it's a mistake to add a known exploited flaw to the reference display server implementation that is a part of the Wayland project, because it will surface in the wild and bring an undeserved bad name to the Wayland project as a whole.
- Likes 1
Comment
Comment