[kevincox]

> The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).

That is a very significant step. I wonder if this applies to Wayland users as well or if this was already a non-issue.

[WhyNotHugo]

It's less of an issue on Wayland.

Clients can't randomly snoop onto what others are doing (e.g.: record keystrokes while on background).

There's still _some_ attack surface on Wayland, but less than there was on Xorg.

BTW: Note sure if this feature was implemented for Wayland, but it sounds like it wasn't.

[kup0]

I wonder if this will break the hardware acceleration I've enabled to run in Firefox in X11 by using the VAAPI flags/etc

[alophawen]

The issue with Xorg is that it runs as root by default (there seems to be ways to run it as non-root according to Gentoo Wiki, but I'm pretty sure most popular distros runs it as root).

One of the selling points of wayland is that it does not.

EDIT: See child replies. I am outdated info.

[kevincox]

I don't think most distributions run X as root anymore. But it does generally have a lot of access as it can open apps and log keys.

XWayland definitely doesn't run as root, but still has a lot of access to any X applications that you are running.

[alophawen]

Thanks for pointing that out. I'm not up to date on this.