undefined | Better HN

0 pointsfc417fc80210d ago0 comments

Isn't being able to read input while unfocused a huge security issue?

Meanwhile if you have root you're still free to do so directly.

0 comments

I don't think so, and it's something every Windows and X11 Linux application can do. Perhaps this perspective is a divide between people writing/using applications, and those using/writing web servers? But maybe the Wayland team disagrees, and this is one of the reasons for this restriction? I'm speculating.

171862744010d ago

A Display server is not a security boundary. If you want that start your processes as different users.

ChocolateGod10d ago

> If you want that start your processes as different users.

How does this make any difference if they're going to connect to the same IPC that handles input/display?

The display server must absolutely enforce some kind of security boundary between clients. Clients that are running untrusted code (e.g. a web browser) must not be able to hijacked into controlling a potentially privileged client (e.g. a root terminal).

j / k navigate · click thread line to collapse