this post was submitted on 29 Apr 2024
474 points (96.1% liked)

linuxmemes

21255 readers
938 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     

    If anyone wants to give an ELI5 or a link to a video that ELI5 I'd be incredibly thankful

    I swear that all the stuff I find is like super in depth technical stuff that just loses me in no time flat

    you are viewing a single comment's thread
    view the rest of the comments
    [–] havokdj@lemmy.world 1 points 6 months ago

    You're missing the point. When you run an x client in wayland, you are still running an x server. Every vulnerability an x server has, xwayland has. I don't need to name anything specific because you can legitimately go and look this up yourself.

    Don't think you are fully safe from keylogging in xwayland either, you are only safe from keylogging in wayland apps, xwayland clients can keylog other xwayland clients because x servers can see other x servers, in other words, they are all still very much running seperate PIDs on your system which means at the very least they can still touch each other. XWayland, by default, does not really sandbox clients because why exactly would it need to? Do you realize exactly how much of a feat that would take to truly isolate an x server from the rest of your system? That is an inherent flaw with X itself because X never set out to acheive those goals in the first place.

    If you are at the point where you have to be worried about protecting your xsession or wayland session, you need to make a fresh install and tighten your security accordingly. All that tightening down your window manager does is make an attacker go for a lower hanging fruit on your system, that's why you should make your machine unfeasible to even attack in the first place. You can go run around and try to tighten every little nook and cranny, but if someone is determined to get into your system, they will eventually get in. The malicious parties we are trying to defend against with general security practices are not nation state hackers, they are skids and standard malware.