On Sun, Jul 14, 2019 at 01:19:37PM +0200, Martin Steigerwald wrote:
> Joel Roth via Dng - 13.07.19, 01:24:
> > On Fri, Jul 12, 2019 at 11:36:17PM +0200, Dr. Nikolaus Klepp wrote:
> > > Anno domini 2019 Fri, 12 Jul 13:53:20 -0400
> > >
> > > Steve Litt scripsit:
> […]
> > > Dont know if wayland is compatible to anything not gnome. But I'm
> > > not verry eger to try.
>
> It sure is. Plasma developers are working on Wayland support since
> almost as long as GNOME developers. There are still things to solve, but
> they got quite far already.
>
> > Why throw-away a protocol stack that solves the problem? Why
> > not just fix X? Keith Packard and the xorg team did a remarkable job
> > of modularizing X, why not build on that? Of course anyone has
> > the freedom to re-architect something, and perhaps
> > network transparency will be neatly solved. I for one
> > don't need to be their bug tester. I've scarcely noticed
> > anything with X to complain about.
>
> While it is true that X11 usually just works these days, I do believe it
> would be challenging to fix some of the most severe issues with it. Most
> notably:
>
> Security of X11 is a complete mess. A complete disaster. Not
> surprisingly so: Security has not been much of an issue as X11 was
> invented¹. X11 Clients can do *anything*. They see all of the screen,
> they can receive all of the keyboard input and… so… on… The network
> layer is completely unencrypted. SSH X11 forwarding requires a lot of
> trust between client and server and so on. I believe fixing it would
> involve inventing a new protocol and re-implement it all from scratch.
>
> From what I have read and seen security in X11 is broken beyond repair.

> [1] Martin Flöser, Why screen lockers on X11 cannot be secure

For me, at least this is not an issue, as I don't use a
screen locker.

> http://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/
>
> Some of the issues with SSH X11 forwarding:
>
> https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding

There is some danger is remoting to a malicious server,
although the X11 SECURITY extension helps somewhat.

> Or in more depth than I looked into (I did not watch the whole video):
>
> X Security, It's worse than it looks, Ilja van Sprundel
> https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel

This presentation is great. After reviewing a lot of the X client and X
server code, he says that there are 10x as many bugs in glx
(the X extension that enables X to use the GPU via the
opengl API) as in the rest of X.

That's interesting because glx is a newer part of X
and also because the group responsible for glx
are our friends at freedesktop.org.

--
Joel Roth

"Welcome to the World Heat Bank, where we store your waste
energy and return it with interest."