by Seirdy 1689 days ago
The biggest reason is security. X offers no GUI isolation. This is a basic mitigation that should have been the norm a decade or two ago.

Advanced mixed DPI also comes to mind.

Another is performance: Sway easily outperforms DWM/i3/AwesomeWM on most ARM devices when configured for minimal latency.

2 comments

> The biggest reason is security. X offers no GUI isolation.

This is completely false. X offers both nesting for full isolation and a concept of "untrusted" connections for partial isolation. This is the reason why ssh -Y and ssh -X are separate things.

These facilities could use a little love to make them user friendly, etc., but they're there and have been for ages (enabled by default around 2013, present before then).

X also supports advanced mixed DPI, providing all the information to the application to handle it as they see fit.

I'm really disappointed to see this get mentioned in this context; it's not relevant. At least on Debian, ssh -Y and ssh -X have done the same thing since like 2013 because ssh -X is broken and causes clients to crash. The "sandboxing" there doesn't really work. And it's a lot more than a little love that they need to get them working; the whole reason Xephyr sandboxing exists is because Xsecurity and XACE are so broken that they're unusable. You can see more about this in another comment here: https://news.ycombinator.com/item?id=29092612

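An added example, not part of any comment in this thread: the `ssh -X` versus `ssh -Y` distinction discussed above comes down to the client's effective `ForwardX11` and `ForwardX11Trusted` settings, so this sketch resolves both for a host from an ssh_config text using ssh's "first obtained value wins" rule. The function names and the sample config are constructed for illustration; `Match` and `Include` are not evaluated, and `default_trusted` stands in for the build default (upstream OpenSSH documents `no`).

```python
import fnmatch

# Constructed sample ssh_config, not taken from the thread.
SAMPLE_CONFIG = """\
Host build-*
    ForwardX11 yes
Host legacy
    ForwardX11 yes
    ForwardX11Trusted no
Host *
    ForwardX11Trusted yes
"""

def host_matches(patterns, host):
    """Host-line matching: a positive pattern must hit, any '!' pattern vetoes."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_x11(config_text, host, default_trusted="no"):
    """Return (ForwardX11, ForwardX11Trusted) for host; first value seen wins."""
    opts, active = {}, True  # lines before any Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.replace("=", " ", 1).partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False  # Match blocks are skipped in this sketch
        elif active and key in ("forwardx11", "forwardx11trusted"):
            opts.setdefault(key, value.lower())
    return (opts.get("forwardx11", "no"),
            opts.get("forwardx11trusted", default_trusted))

def classify(config_text, host, default_trusted="no"):
    """'trusted' means forwarded clients are not restricted as untrusted."""
    forward, trusted = effective_x11(config_text, host, default_trusted)
    if forward != "yes":
        return "no-forwarding"
    return "trusted" if trusted == "yes" else "untrusted"
```

On a live system, `ssh -G <host>` prints the client's own resolved values and is the authoritative check; the sketch is for reviewing config files offline.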
Security would be the worst reason. Zero cases in the wild, and it's not that difficult to add access checks to X - there used to be an X extension to do this.

The real reason would be that X contains lots and lots of cruft which isn't used anymore and it made development & testing impossible.

> Zero cases in the wild

Follow along this post and you'll end up with one case in the wild all by yourself on your own machine: https://theinvisiblethings.blogspot.com/2011/04/linux-securi...

XACE was designed to address the mess that is Xsecurity and using the SELinux sandbox for GUI apps, except XACE barely works for mitigating exploits well on the desktop; it's so finicky that Dan Walsh himself concluded that XACE does not work and instead opted to use nested X servers (!!): http://people.fedoraproject.org/~dwalsh/SELinux/Presentation...

I read the article, I'm still not clear on why it's a problem. I'd have a very big problem if another user, using my machine via x forwarding, could capture my inputs, but that doesn't seem to be the case here? It seems that this is only for applications running on the same display.

So, to be blunt, this 'security feature' breaks a whole hell of a lot of use cases. If Wayland wished to go down this route they should have displayed a prompt to the end user 'this application wishes to record the screen, that ok?'. The last time I made this point someone snidely informed me that 'this was not Wayland's responsibility'. I'm sorry, if you break my use case you make it your responsibility!

That is exactly what will happen on Wayland when you use the portal API: it shows a prompt asking for permission to record your screen and then it sends the stream over PipeWire.

It is true that it isn't strictly the responsibility of the Wayland protocol; the API functionality is still there, it has just moved somewhere else where it's more appropriate.

>>Zero cases in the wild

>Follow along this post and you'll end up with one case in the wild all by yourself on your own machine

I know it's possible. The 'case in the wild' terminology is asking whether this was ever weaponized in an exploit. I don't recall X ever being an attack vector in the last decade or two. I guess there are more than enough ways to gain local root that this class of exploits doesn't matter.

Now, I'm all for closing this hole. But there's something bad about a development strategy that finds things like this and DPI with multiple monitors very important - the vast vast majority of users only have a single monitor - and mostly ignored scenarios like remote desktop until 2020 or so - remote desktop always used by several orders of magnitude more users than HiDPI, and a little tiny bit more important with this mass pandemic going on.

Maybe that's why transitioning from X to Wayland takes more time than transitioning from python2 to python3, a well known example of successful migration.

There are so many holes in Linux userspace's "security" that we should start listing the actually protected parts. The only reason there are no Linux botnets everywhere is because libre software fundamentally has good intentions.

So the reason for not exploiting X may very well be simply because there is an even easier exploit available.