[znpy]

Yes, I am aware about this.

Yet the most common way to denigrate Xorg is to assert that Xorg is basically a keylogger. Which might be true, but as this post shows just switching to Wayland doesn't offer any additional protection under the key-logging point of view.

You might combine a sandboxing technique with Xorg too, by the way.

[kaba0]

I can’t understand what is so hard to understand... under Xorg a program even with a traditional sandbox in which it can’t do anything, but display a window IS basically capable of keylogging everything, getting a root password etc. On wayland with the same sandbox you are safe from said attack — this exploit works by tampering with dynamic libs, but that is not available inside a sandbox and it is simply pedantic. It’s like saying a car failed a crash test when they throw it off a building and it arrived on its top..