Hi, On 02/16/2012 08:36 PM, frqb4td wrote:
In "The Linux Security Circus: On GUI isolation" (link: http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html ) - The Invisible Things Lab's blog, Joanna Rutkowska describes attacks from one X11 app on another and the general problem of the lack of GUI-level isolation, and how it essentially nullifies all the desktop security.
well, she's initially totally missed the motivations of XACE initially and designed her own "security" mechanism then. It doesn't sound quite right in terms of research, just to begin with... anyways: "New comments have been disabled for this post by a blog administrator." :(
Can passive (snooping) attacks be avoided? The passive attack she describes certainly works on my system, though I note that one of the comments says gksudo input can't be snooped.
Input delivery for Wayland clients works in a different way from the X: while in X the events are broadcasted to all clients interested, on Wayland this happens by the compositor choosing the correct client surface (weston_compositor_pick_surface, on Weston). So I don't see any way to a client sniff another with Wayland's current model. One could eavesdrop UNIX sockets though, but that's a different story.
Can active attacks (injecting keystrokes) be avoided? I seem to recall that active attacks was turned of by default a long time ago. But a quick google suggests that the XTest extension nullifies that (How to map a key-combination to a keyboard-button?).
Wayland doesn't provide any way to inject artificial events at the moment. But definitely it will be designed with security on mind. So yeah, we're safe on this side now as well :)
Tiago _______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/wayland-devel
