Announcement

**tildearrow** · 02 August 2021, 05:55 AM

Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...

**bitman** · 02 August 2021, 06:17 AM

I think they went too far with security thing. It just adds so many more hoops to jump over while in the end if malicious code runs on your system you are done anyways. Ok so with wayland now we have to inject some code into every running process we want to spy on. Not exactly a big deal. In the end all it takes is one smart guy to write one library that everyone will use to achieve this, just like reflective loader on windows. Thats it. But all developers will have to suffer fallout of failed security boundary forever now. I am sure better security could have been achieved in less intrusive way.

**Alexmitter** · 02 August 2021, 06:23 AM

Originally posted by tildearrow View Post

Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...

Yes, exactly. Why should any application be able to read my mouse cursor position when the mouse is not on its surface, or all my global keyboard inputs, or the full X screen content whenever it feels like it. Damn you Wayland.

**Alexmitter** · 02 August 2021, 06:28 AM

Originally posted by bitman View Post

I think they went too far with security thing. It just adds so many more hoops to jump over while in the end if malicious code runs on your system you are done anyways. Ok so with wayland now we have to inject some code into every running process we want to spy on. Not exactly a big deal. In the end all it takes is one smart guy to write one library that everyone will use to achieve this, just like reflective loader on windows. Thats it. But all developers will have to suffer fallout of failed security boundary forever now. I am sure better security could have been achieved in less intrusive way.

Not allowing random applications to globally read the mouse cursor position is not intrusive.
Not allowing random applications to globally read keyboard inputs is not intrusive.
Not allowing random applications to just read any X buffer they want (screen recording) is not intrusive.

Those things are basics, no sane individual would have the idea that those things are needed features.

X11/Xorg is the by far worst display stack out there, there is no excuse for it anymore.

**dragon321** · 02 August 2021, 06:29 AM

Originally posted by tildearrow View Post

Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...

Ability to read global cursor position doesn't seem to be bad for security but there is also ability to freely read keyboard input or screen content. Is it good for entering or reading sensitive data?

**chuckula** · 02 August 2021, 06:29 AM

Xeyes is a useful utility for Wayland too because you can use it to determine if a window is running in Wayland or XWayland mode. Just run Xeyes and then move your cursor over the window in question. If the eyes move, it's Xwayland, otherwise it's regular Wayland.

**guildem** · 02 August 2021, 06:30 AM

Originally posted by tildearrow View Post

Example of what's Impossible on Wayland. No way to read the mouse cursor position in the name of security...

Everything is possible with Wayland. it only needs a protocol to be defined, then used by the server implementation (with good rights management because an app reading the global cursor position is a security issue). Easy.

**kpedersen** · 02 August 2021, 07:06 AM

Originally posted by bitman View Post

I think they went too far with security thing.

Its not really about security. It is simply that Wayland is lacking functionality required for a modern and flexible display system.

**bitman** · 02 August 2021, 07:20 AM

Originally posted by Alexmitter View Post

Not allowing random applications to globally read the mouse cursor position is not intrusive.
Not allowing random applications to globally read keyboard inputs is not intrusive.
Not allowing random applications to just read any X buffer they want (screen recording) is not intrusive.

Those things are basics, no sane individual would have the idea that those things are needed features.

X11/Xorg is the by far worst display stack out there, there is no excuse for it anymore.

All these things have legitimate usecases. I would add reading window position and explicitly positioning windows to the list. Fine, do not disclose pixmaps of entire desktop or global mouse position, but provide knobs to opt in for this behavior, something like a permission model on mobiles. I had a handy app made for myself which takes a screenshot of entire desktop on hotkey press. Bye that. People who pretend wayland is like jesus of security are so misled. Nothing will ever protect you from malicious code that runs on your system. Ever. I am not saying there is no point in trying, but there is no point in making extraordinary usability sacrifices for a non-solution.

Announcement

X.Org's XEyes 1.2 Released, Other Updated X11 Components Too

X.Org's XEyes 1.2 Released, Other Updated X11 Components Too

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment