You don't get CVE for something that is simply available as-is and is not being prevented in any way.
Here you don't even need to manipulate other processes memory, you can simply put your own binary in $HOME, alter $PATH and wait or induce session restart.

​The wayland page at freedesktop.org has mentioned and links to the resources for building XWayland since at least 2012 according to the internet archive's wayback machine.

I guess talking out of your ass is something of a specialty of yours when you get the time of release wrong by 9 years. You may want to look thing up before talking if you don't want to look like an idiot.

Furthermore, your English is crap because when spelled out what you said meant; "There are multiple ones in a row from the latest on" and not "One in 2015 and then another 9 years later". Either learn to use a language properly or don't use it at all.

English is my 3rd language so you really have no excuse here...

It's because we aren't talking about a few years, it's been 12-(almost)17 years depending on what metric is used. I just got done reading an article written in 2011 about attempts to port neon to Wayland. And the funny thing is they'll try to claim it didn't even exist that far back while still calling it the future.

releases and their dates are here

the first release of xwayland was 2021-02-17 17:07

its had a point release for a new vuln set every other month since then.

Yeah that's true for certain, but xWayland has existed since long before then by at least a decade.

I'm not sorry, I don't agree. Wayland sessions have so much basic functionality missing that it just feels broken. It cant remember window location, it can't support popup dialogs, it can't track curser location, etc... And I KNOW I'm not the only one to say these things to you guys. You put your head in the sand and say it works all you want but it DOES NOT. It doesn't!! And this is why people don't trust you guys. At this point it's plainly obvious that Wayland won't get fixed, will never be feature complete and will always feel broken...

Argghhh!! This is so frustrating. You guys are -exactly- the reason why linux can't take desktop marketshare... it is waylands fault...

EDIT: If security by obscurity was your goal then you accomplished it! Good Job!!

EDIT: You guys and your insistence that it's just fine is exactly what's wrong with wayland and why it still doesn't work.

EDIT: Just because 1/8th of Gnome gamers can tolerate it doesn't mean it isn't broken! It IS!!

anyone who recommended waypipe to you, like you, has never run it, let alone assessed its suitability for use in a production environment.

Because those that have do not recommend it - including the author of waypipe.

To be clear before commenting, I'm not a "pro-Wayland" kind of guy. Nor pro-x, I'm a "I trust my distro maintainers have my best interest in mind", and at some point here in these forums I even said so, saying that I have never used Wayland, but won't resist when opensuse tumbleweed updates my system to use it.


What I do want to say tho, is that Iwas incorrect and did not know. My desktop is huge, very performant, always up to date and I use tumbleweed. But my laptop is a 13' thinkpad that I use exclusively when I need the portability. Just this week I found out it is running Wayland. I did not know, I did not have any issues with it that made me find it out, I did not miss on any features.

That includes pop up notifications, window positioning (less important with a 13' screen and gnome shell extensions for tiling), etc etc. It does not include gaming, and remoting was only done with Rust desk. Another thing that I thought wouldn't work in Wayland but apparently does work and has worked for all this time, is using "barrier" to control multiple machines with a single set of peripherals.


So yeah, just came to say that Wayland has worked so well for me for the last couple of years that I even thought I had never tried it.

The failure of Linux on desktop (which is not a failure) has nothing to do with wayland or xorg, wayland is now starting to be adopted significantly by distros and the situation is the same as before. So what failure are you talking about?
Because if you're talking about market shares, the last statistic I saw Linux is on the rise, but let's be clear no distribution or almost no distribution aims to have more market shares, it's simply not interesting as it's not profitable, however if a company aims to the desktop market perhaps with a paid distribution, it cannot distribute software that it knows to be vulnerable, in the same way as Google cannot distribute software that it knows to be vulnerable, after which all complex software can have security bugs, but they must be corrected once once the vulnerability is discovered.
Those of Xorg are not security bugs, but design flaws due to when it was designed, too many years ago, when PCs were anything but.​

That's xwayland server. xwayland itself has existed since at least 2012. That's like saying that Coca Cola came out in 1985 because that's when they started selling cherry Coca Cola.

Nothing there says anything about vulnerability fixes so you're back to talking out of your ass.

Well... At least you're being consistent...