The X11 SECURITY extension from the 1990ies
9 months ago
- #Wayland
- #X11
- #Security
- X11 has inherent security issues, such as trivial keylogging without exploits.
- The X11 SECURITY extension allows classifying clients as 'Trusted' or 'Untrusted' to limit interactions.
- Untrusted clients cannot spy on trusted ones, but the reverse is possible.
- Current implementation is limited with only two classes, insufficient for proper per-client isolation.
- Sandboxing is crucial; without it, untrusted classification offers little protection.
- Some applications fail to run as untrusted, while others like Firefox work well.
- Clipboard functionality is a major pain point when running applications as untrusted.
- 3D applications may not work due to lack of GLX extension support.
- The SECURITY extension could have been foundational for X11 client isolation if adopted earlier.
- Wayland is now the preferred solution over the outdated X11 SECURITY extension.