Hi, On 16 February 2012 18:36, frqb4td <frqb...@onet.pl> wrote: > One application can sniff or inject keystrokes to another one, can take > snapshots of the screen occupied by windows belonging to another one, etc.
That's more or less irrelevant really. If you give session access to hostile apps, they could easily do things like repeatedly steal all the clipboard contents (at best) or just pretend to be your web browser or terminal and steal every single one of your credentials (at worst). So, don't do that. > Can passive (snooping) attacks be avoided? The passive attack she describes > certainly works on my system, though I note that one of the comments says > gksudo input can't be snooped. Indeed, neither can screensavers. They can be avoided, and Wayland doesn't allow for them. > Can active attacks (injecting keystrokes) be avoided? I seem to recall that > active attacks was turned of by default a long time ago. But a quick google > suggests that the XTest extension nullifies that (How to map a > key-combination to a keyboard-button?). I believe Wayland won't be vulnerable to these either. But seriously - if you can't trust an app, don't give it arbitrary access to your desktop session. It's not going to end well. Cheers, Daniel _______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/wayland-devel
