• yianiris@kafeneio.social
    link
    fedilink
    arrow-up
    1
    ·
    11 months ago

    Are you comparing 40years of graphical environment stability and global use with something that has been broken for more than a decade and now all of a sudden is portrayed as secure?

    I want to start applications as another user in my own environment and my own system and wayland prevents me, while x11 allows me (together with many forms of sandboxing and containerization).

    I have asked this question to all pretend to be experts of wayland and I have 0 responses.

    @Ullebe1 @LainTrain

    • Ullebe1@lemmy.ml
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      11 months ago

      I absolutely am. Calling Wayland “something that has been broken for more than a decade” rather than “something that has been in active development for more than a decade” is also an interesting take. By that measure X.Org is “something that has been broken for almost two decades”, so let’s just not go there. And I’m not saying that Wayland magically makes everything secure. I’m saying that Wayland (or something like it) is a necessary step if we want a desktop that is secure. I have seen people propose something like nested sandboxed X servers with a single application for each as an alternative, but I think it’s probably better to actually fix the underlying problem.

      That’s an interesting use case. It isn’t really anything I’ve had a need for, so I don’t know what the best way to do something like that is. If your compositor doesn’t allow it, could it perhaps be possible to run as a different user in a nested compositor, like Cage or gamescope? Also, how do you sandbox the applications X11 access? If they share the same server, then a sandboxed application can just wait for you to launch a terminal and use sudo, at which point it can inject a malicious command as root.

      • yianiris@kafeneio.social
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        I don’'t use systemd or logind so I don’t have to worry about such magic security violations this bogus pile of crap creates. I have more control of processes and don’t allow some “automated” service to be loging-in-out system users 2000 times a nanosecond as logind does.

        It only happens when I want it to happen, not uncontrollably.

        KISS is the best security measure.

        @Ullebe1