Today I discovered that in order for Drag and Drop to work on Chromium in Wayland, I have to start it as an X11 application. LOL
X.Org Server & XWayland Hit By Four More Security Issues
-
Originally posted by oiaohm:
X11 protocol core design had the horrible idea that you would be inside a single trusted business LAN. Yes, the core design predates WAN being used in a big way.
- Likes 4
-
Originally posted by kpedersen:
I.e. an application run in, e.g., Xnest, Xephyr, etc. with its own Xauthority file (and display socket) will be unable to access any of your other programs running on your main Xorg session.
This nesting for anti-snooping turns out not to be as dependable as one would hope.
Originally posted by kpedersen:
As I mentioned before, only applications that you give permission to (by giving them access to the Xauthority file) will be able to access your Xorg session.
Dbus and policykit solutions being made today are kind of halfway between XACE X11 and X11 with just Xauthority. So more secure than X11 with just Xauthority and not as much of a total nightmare as XACE with X11.
- Likes 1
-
Originally posted by oiaohm:
You run into the problem where you use Xnest/Xephyr and you can see the environment vars displaying the other sessions and other Xauthority files.
One where you can see it done well (after a lot of cleaning up from Sun) is Solaris 10's JDS (Gnome 2.x), where they engineered it to be correct for VNC and Sun Ray Software.
Originally posted by oiaohm:
Yes, you can end up with applications poorly coded with a hard-coded connect to display :0, and of course the Xnest/Xephyr is display :1 or greater, so the application connects to the wrong screen and finds a valid Xauthority.
I tend to start my X instance on :2 (mostly so I can identify broken software early on). This (or randomization) should be the default.
Last edited by kpedersen; 04 April 2024, 10:58 AM.
- Likes 2
-
Originally posted by kpedersen:
You really don't. This is always due to dbus and other mess screwing up sessions.
Originally posted by kpedersen:
Once Gnome/Wayland matures to start adding all the daft IPC features under the sun for Wayland / waypipe, you will encounter the same mess.
Waypipe says that Wayland over the network is possible, but since waypipe does not transport the dbus part, this results in particular integrations breaking; users are likely to avoid this and go for RDP or some other protocol like it with more fine-grained controls.
Originally posted by kpedersen:
I tend to start my X instance on :2 (mostly so I can identify broken software early on). This (or randomization) should be the default.
- Likes 2
-
Originally posted by oiaohm:
Problem: the major item users use, that is web browsers, is progressively getting more and more powerful.
[...]
Yes, we do need a functional container solution for applications. Everyone on the Internet really does need it.
Originally posted by oiaohm:
In a lot of ways, rrveex, you are being the idiot. The reality is security models always need to evolve. Modern web browsers have made it way more simple to get untrusted programs onto your computer that can do many horrible things. People lose their bank accounts/google/youtube/... online accounts all the time due to attacks against browsers.
Then they start their flashy new trojan to go to some instaporn site and press on "you are the millionth visitor, press here, fill in your banking information so we give you 1 million dollars".
Fortunately (for them), the malware won't be able to take screenshots of their stupidity, because PipeWire screen-grab probably won't work because of the bugs.
oiaohm, I didn't call *you* an idiot; I don't really get why you felt as if I had attacked you personally (like you did to me). Perhaps you are some kind of defender of the rights of idiots everywhere?
- Likes 1
-
Originally posted by oiaohm:
Sorry to say, I saw Xnest break out before dbus existed. So I have been around the Unix world for a very long time.
I doubt it was tooltalk you saw facilitating a break out from Xnest, so I am going to assume it was a Linux technology rather than Unix?
Originally posted by pracedru:
This is true. X11 also works very poorly on networks with high latency or packet drops. Latencies above 20ms make X11 almost entirely unusable.
Last edited by kpedersen; 04 April 2024, 03:27 PM.
- Likes 2
-
Originally posted by guiodic:
Wayland is developed (in a manner of speaking since they do not write code) by a new breed of developers who never understood how Xorg worked. Historical Xorg developers like Keith Packard have nothing to do with Wayland.
- Likes 2
-
Originally posted by kpedersen:
you specifically mentioned "framebuffer"?
As I mentioned before, only applications that you give permission to (by giving them access to the Xauthority file) will be able to access your Xorg session.
I.e. an application run in, e.g., Xnest, Xephyr, etc. with its own Xauthority file (and display socket) will be unable to access any of your other programs running on your main Xorg session.
Anyway, I did some tests, and enabling the security extension seems to disable, at least, OpenGL acceleration and fullscreen support.
- Likes 1
-
Originally posted by kpedersen:
As you know, dbus is really just the current version of the same old dodgy paradigm. tooltalk / CORBA / DCOP were some earlier examples.
I doubt it was tooltalk you saw facilitating a break out from Xnest, so I am going to assume it was a Linux technology rather than Unix?
You are right, tooltalk had nothing to do with the breakout. It was the way the acquired X11 code in the program was written. It started with the :0 display, then searched for the matching Xauth. The oldest application I found with this horrible hard-coded :0 was from 1984; of course there could be older. This defect predates tooltalk/CORBA/DCOP and dbus.
Yes, tooltalk was Sun tech. But you need to look up the Sun presentations on XACE work; you will find them listing cases of applications with the same code problem I came across in the past, and the issue starts older than tooltalk. New programs keep on turning up with the same defect, mostly intentional malware where they are designed to connect, if possible, to the host X11 server.
- Likes 1
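The two posts above (kpedersen on Xauthority being the thing that grants access, oiaohm on clients that hard-code :0 and then look for a matching Xauth entry) both come down to what is in the Xauthority file. The parser below is an added example, not code from this thread or from Xorg/libXau: it decodes the file's records and reports which display numbers it carries cookies for, so you can check what a nested session's file actually grants. The sample file bytes, the hostname `workstation` and the cookie values are constructed, and the matching rule only compares the display number (the address field is ignored, a simplification of libXau's lookup).

```python
"""Parse an Xauthority file and list which displays it holds cookies for.

Record layout (as written by xauth / libXau): a 16-bit big-endian family
code, then four length-prefixed fields (16-bit big-endian length + bytes):
address, display number, auth-protocol name, auth data (the cookie).
"""
import os
import struct
from typing import Dict, List, Optional, Tuple

# Family codes from <X11/Xauth.h>
FAMILY_NAMES = {0: "Internet", 6: "Internet6", 254: "Wild", 256: "Local"}


def _read_field(data: bytes, off: int) -> Tuple[bytes, int]:
    """Read one length-prefixed field; raise on a truncated file."""
    if off + 2 > len(data):
        raise ValueError("truncated Xauthority record: missing length")
    (n,) = struct.unpack(">H", data[off:off + 2])
    off += 2
    if off + n > len(data):
        raise ValueError("truncated Xauthority record: short field")
    return data[off:off + n], off + n


def parse_xauthority(data: bytes) -> List[Dict[str, str]]:
    """Decode every record in an Xauthority blob."""
    entries: List[Dict[str, str]] = []
    off = 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated Xauthority record: missing family")
        (family,) = struct.unpack(">H", data[off:off + 2])
        off += 2
        address, off = _read_field(data, off)
        number, off = _read_field(data, off)
        name, off = _read_field(data, off)
        cookie, off = _read_field(data, off)
        entries.append({
            "family": FAMILY_NAMES.get(family, "unknown(%d)" % family),
            "address": address.decode("latin-1"),
            "display": number.decode("ascii"),
            "name": name.decode("ascii"),
            "cookie": cookie.hex(),  # hex so it can be compared and printed safely
        })
    return entries


def build_entry(family: int, address: bytes, display: bytes,
                name: bytes, cookie: bytes) -> bytes:
    """Serialize one record (used here only to construct the sample file)."""
    out = struct.pack(">H", family)
    for field in (address, display, name, cookie):
        out += struct.pack(">H", len(field)) + field
    return out


# Constructed sample: cookies for :0 and :2 on a host called "workstation".
# A nested Xnest/Xephyr session started with its own file would carry only
# its own display, which is what keeps its clients off the outer server.
SAMPLE_XAUTHORITY = (
    build_entry(256, b"workstation", b"0", b"MIT-MAGIC-COOKIE-1", bytes(range(16)))
    + build_entry(256, b"workstation", b"2", b"MIT-MAGIC-COOKIE-1", bytes(range(16, 32)))
)


def display_number(display: str) -> str:
    """':2.0', 'host:2', 'host/unix:2.1' -> '2' (the part a cookie is keyed on)."""
    return display.rsplit(":", 1)[-1].split(".", 1)[0]


def cookie_for(entries: List[Dict[str, str]], display: str) -> Optional[str]:
    """Cookie a client would present for DISPLAY, or None if the file has none.

    Simplified match: an empty display field acts as a wildcard, as in libXau;
    the address field is not checked here.
    """
    wanted = display_number(display)
    for e in entries:
        if e["display"] in ("", wanted):
            return e["cookie"]
    return None


def granted_displays(entries: List[Dict[str, str]]) -> List[str]:
    """Distinct display numbers the file carries credentials for."""
    return sorted({e["display"] for e in entries},
                  key=lambda d: int(d) if d.isdigit() else -1)


if __name__ == "__main__":
    # Inspect the real file when present, otherwise the constructed sample.
    path = os.environ.get("XAUTHORITY", os.path.expanduser("~/.Xauthority"))
    blob = open(path, "rb").read() if os.path.exists(path) else SAMPLE_XAUTHORITY
    parsed = parse_xauthority(blob)
    for entry in parsed:
        print("%-9s %-15s :%-3s %s" % (entry["family"], entry["address"],
                                       entry["display"], entry["name"]))
    print("displays with credentials:", granted_displays(parsed))
    wanted = os.environ.get("DISPLAY", ":0")
    print("cookie for %s present: %s" % (wanted, cookie_for(parsed, wanted) is not None))
```

Run it with `XAUTHORITY` pointed at the file a nested Xnest/Xephyr session was given: if the listing shows the outer server's display number as well as the nested one, a client that ignores `$DISPLAY` and tries :0 first will find a usable cookie, which is the failure oiaohm describes.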