That's the topic of the comment I replied to. Maybe you should read the thread before you reply to somebody. Do you even know what xsecurity and xace is?
“Nobody has got their security or privacy compromised through x11 in the 40 years that it has existed.” —you
I do not think you’re familiar with the topic. I think you’re a dishonest dilettante.
Everybody knows that the xorg server has had vulnerabilities reported. There are vulnerabilities reported and fixed every year. Every software has vulnerabilities, that's unrelated to x11 itself (and xsecurity and xace). I obviously meant that nobody has run a x11 keylogger on their system because of malware, that stole their password and other sensitive information. The malware you posted has also not been run by anybody and has had their information stolen. You're free to prove me otherwise. Of course people did take advantage of x11 (to run applications on other users computers) for fun at school before user restriction was added and enabled by distros (with xsecurity). It's a security theater to pretend that something is a real issue when it's not.
…which constitutes a compromise of security and privacy. Which you claimed has never happened.
There appear to be several malware incidents that did use X11 for keylogging and/or screen capture. Not an X11 vulnerability but just the way it's designed that once they could become the user they could watch the user.
Was anyone actually the victim of one of such attacks, that specifically targeted x11 keylogger/screenshot (and was the user safe if they instead ran wayland)? If anyone was, then I'll take back what I said. Because there is a difference between malware existing (anyone can write malware) and it having affected people.
Yeah which is why the Wayland Cultists using security as a reason to deprecate Xorg is stupid. If an attacker is in a position to mess with Xorg then it's too fucking late and using Wayland wouldn't do anything
The exploit I linked to from 2006 doesn’t require you to be “in a position to mess with Xorg”. You run it as an unprivileged non-admin user and you get a root shell.
We're not saying nothing gets owned, we're saying that Xorg and Wayland security doesn't actually matter because attackers can own them regardless.The exploit I linked to from 2006 doesn’t require you to be “in a position to mess with Xorg”. You run it as an unprivileged non-admin user and you get a root shell.
Also note that the exploit was written in 2006 but Solaris didn’t find out about it or patch it until 2012. If you google the name of the Solaris 8 patch provided in the exploit, you find out it was released November 2012: https://getupdates.oracle.com/readme/119067-12
I’m sure no fun or security/privacy compromises were had in the intervening 6 years.
This instinctual disbelief that Unix/Linux systems don’t get compromised is particularly hilarious if you lived through the incessant hacker-on-hacker wars. (Notably, the one factor that dramatically decreased the amount of hackers hacking other hackers was….. grsecurity.)
Enjoy the most thrilling journal of documenting hacked hackers, Zero For 0wned.
You may be losing this argument but at least you're funny.
Yeah, especially when things like a lot of the local privesc that only harm Google and others that try to lock people out of their own devices get a trademarked name and logo.
It reminds me a lot of how in scientific circles scientists will fudge things sometimes to have some kind of relevant positive outcome in a paper instead of just admitting that it all was just irrelevant noise (even though that can be scientifically valuable too) because the former is more valuable in furthering the scientist's career. Every security researcher wants to find the biggest exploit ever so it's quoted more and makes the security researcher in question more relevant so they're not above misrepresenting the severity of any given exploit to reach that goal. The number of times some exploit was played up to end all computers just to in the end require local access to the machine or a user with almost-root-privs or have somewhere in fineprint that the exploit is mathematically infeasible or some similar nonsense is kind of crazy.
Its all publicity poison. Security research right now is the current thing for getting fast and easy clout because even an initiate programmer can point Claude at $CODE_BASE and ask it to find something or other. The overwhelming majority of security reports you get today are all local priv esc. Not that they don't matter, but they are hardly worth even a third of the attention they get. Its all clout farming. Not that I can blame them of course, given the current state of things of both corporate work and academia.
Tried. Didn’t work out. Fick them
Late reply (didn't spot it until the reply above), but it's Raku you heathen.
To avoid stagnating on wayland hate here: in the beginning forcing a fresh start seemed like a good idea, and Qt also had a good approach where they abstracted away a lot of both the server and client side (similar to wlroots).