Announcement

Collapse
No announcement yet.

X.Org's XEyes 1.2 Released, Other Updated X11 Components Too

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • X.Org's XEyes 1.2 Released, Other Updated X11 Components Too

    Phoronix: X.Org's XEyes 1.2 Released, Other Updated X11 Components Too

    Several X.Org/X11 components saw new releases on Sunday for kicking off August, including the xeyes program seeing its first non-point release in eleven years...

    https://www.phoronix.com/scan.php?pa....Org-xeyes-1.2

  • #2
    Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...

    Comment


    • #3
      I think they went too far with security thing. It just adds so many more hoops to jump over while in the end if malicious code runs on your system you are done anyways. Ok so with wayland now we have to inject some code into every running process we want to spy on. Not exactly a big deal. In the end all it takes is one smart guy to write one library that everyone will use to achieve this, just like reflective loader on windows. Thats it. But all developers will have to suffer fallout of failed security boundary forever now. I am sure better security could have been achieved in less intrusive way.

      Comment


      • #4
        Originally posted by tildearrow View Post
        Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...
        Yes, exactly. Why should any application be able to read my mouse cursor position when the mouse is not on its surface, or all my global keyboard inputs, or the full X screen content whenever it feels like it. Damn you Wayland.

        Comment


        • #5
          Originally posted by bitman View Post
          I think they went too far with security thing. It just adds so many more hoops to jump over while in the end if malicious code runs on your system you are done anyways. Ok so with wayland now we have to inject some code into every running process we want to spy on. Not exactly a big deal. In the end all it takes is one smart guy to write one library that everyone will use to achieve this, just like reflective loader on windows. Thats it. But all developers will have to suffer fallout of failed security boundary forever now. I am sure better security could have been achieved in less intrusive way.
          Not allowing random applications to globally read the mouse cursor position is not intrusive.
          Not allowing random applications to globally read keyboard inputs is not intrusive.
          Not allowing random applications to just read any X buffer they want (screen recording) is not intrusive.

          Those things are basics, no sane individual would have the idea that those things are needed features.

          X11/Xorg is the by far worst display stack out there, there is no excuse for it anymore.

          Comment


          • #6
            Originally posted by tildearrow View Post
            Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...
            Ability to read global cursor position doesn't seem to be bad for security but there is also ability to freely read keyboard input or screen content. Is it good for entering or reading sensitive data?
            Last edited by dragon321; 02 August 2021, 06:31 AM.

            Comment


            • #7
              Xeyes is a useful utility for Wayland too because you can use it to determine if a window is running in Wayland or XWayland mode. Just run Xeyes and then move your cursor over the window in question. If the eyes move, it's Xwayland, otherwise it's regular Wayland.

              Comment


              • #8
                Originally posted by tildearrow View Post
                Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...
                Everything is possible with Wayland. it only needs a protocol to be defined, then used by the server implementation (with good rights management because an app reading the global cursor position is a security issue). Easy.

                Comment


                • #9
                  Originally posted by bitman View Post
                  I think they went too far with security thing.
                  Its not really about security. It is simply that Wayland is lacking functionality required for a modern and flexible display system.

                  Comment


                  • #10
                    Originally posted by Alexmitter View Post

                    Not allowing random applications to globally read the mouse cursor position is not intrusive.
                    Not allowing random applications to globally read keyboard inputs is not intrusive.
                    Not allowing random applications to just read any X buffer they want (screen recording) is not intrusive.

                    Those things are basics, no sane individual would have the idea that those things are needed features.

                    X11/Xorg is the by far worst display stack out there, there is no excuse for it anymore.
                    All these things have legitimate usecases. I would add reading window position and explicitly positioning windows to the list. Fine, do not disclose pixmaps of entire desktop or global mouse position, but provide knobs to opt in for this behavior, something like a permission model on mobiles. I had a handy app made for myself which takes a screenshot of entire desktop on hotkey press. Bye that. People who pretend wayland is like jesus of security are so misled. Nothing will ever protect you from malicious code that runs on your system. Ever. I am not saying there is no point in trying, but there is no point in making extraordinary usability sacrifices for a non-solution.

                    Comment

                    Working...
                    X