On Sun, Jul 14, 2019 at 01:19:37PM +0200, Martin Steigerwald wrote:
> Joel Roth via Dng - 13.07.19, 01:24:
> > On Fri, Jul 12, 2019 at 11:36:17PM +0200, Dr. Nikolaus Klepp wrote:
> > > Anno domini 2019 Fri, 12 Jul 13:53:20 -0400
> > > 
> > >  Steve Litt scripsit:
> […]
> > > Don't know if wayland is compatible with anything not gnome. But I'm
> > > not very eager to try.
> 
> It sure is. Plasma developers have been working on Wayland support for
> almost as long as GNOME developers. There are still things to solve, but
> they got quite far already.
> 
> > Why throw away a protocol stack that solves the problem? Why
> > not just fix X? Keith Packard and the xorg team did a remarkable job
> > of modularizing X, why not build on that? Of course anyone has
> > the freedom to re-architect something, and perhaps
> > network transparency will be neatly solved.  I for one
> > don't need to be their bug tester. I've scarcely noticed
> > anything with X to complain about.
> 
> While it is true that X11 usually just works these days, I do believe it 
> would be challenging to fix some of the most severe issues with it. Most 
> notably:
> 
> Security of X11 is a complete mess. A complete disaster. Not
> surprisingly so: Security was not much of an issue when X11 was
> invented¹. X11 Clients can do *anything*. They see all of the screen,
> they can receive all of the keyboard input and… so… on… The network
> layer is completely unencrypted. SSH X11 forwarding requires a lot of
> trust between client and server and so on. I believe fixing it would
> involve inventing a new protocol and re-implementing it all from scratch.
> 
> From what I have read and seen, security in X11 is broken beyond repair.

> [1] Martin Flöser, Why screen lockers on X11 cannot be secure

For me, at least this is not an issue, as I don't use a
screen locker. 

> http://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/
> 
> Some of the issues with SSH X11 forwarding:
> 
> https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding

There is some danger in remoting to a malicious server,
although the X11 SECURITY extension helps somewhat.

> Or in more depth than I looked into (I did not watch the whole video):
> 
> X Security, It's worse than it looks, Ilja van Sprundel
> https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel

This presentation is great. After reviewing a lot of the X client and X
server code, he says that there are 10x as many bugs in glx
(the X extension that enables X to use the GPU via the
opengl API) as in the rest of X.

That's interesting because glx is a newer part of X
and also because the group responsible for glx
are our friends at freedesktop.org.

-- 
Joel Roth

"Welcome to the World Heat Bank, where we store your waste
energy and return it with interest."
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
