• jaxil6
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    38
    ·
    9 months ago

    I thought wayland was supposed to improve security. Were the past 18 years a lie?

    • TheGrandNagus@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      ·
      9 months ago

      This is such a dumb comment. Jesus.

      “I thought passwords were meant to improve security! So how come I got a virus???”

      • jaxil6
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        9 months ago

        They should be more specific. This is just false advertising.

        • baseless_discourse@mander.xyz
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          9 months ago

          Um, this is like saying full disk encryption is false advertising, because it doesn’t prevent people blowing up your apartment complex. LOL.

          Sorry, dude, I cannot resist. No hate to you, we all need to start from somewhere.

        • ProgrammingSocks@pawb.social
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          9 months ago

          Wayland isn’t a product. You’re gonna have to get your mind out of capitalism to understand the free software community.

    • Klara@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      5
      ·
      9 months ago

      This is different from the Wayland security model, as Wayland restricts the ability for clients to modify and read from other clients arbitrarily. This is an extension to a Wayland compositor, and as all extensions do, it contains code which runs on your system. Any code, unless sandboxed, can access your filesystem no matter if it’s run under Wayland, X11, or no windowing system at all for that matter.

      • Zamundaaa@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        9 months ago

        It is not related to Wayland or the compositor in any way. This is a plasmashell extension.

        Similar caveats do apply to KWin scripts and effects though

    • machinya [it/its, fae/faer]@hexbear.net
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      wayland was not about avoiding applications accessing resources or running scripts (that is why sandboxing is for) but to avoid programs to have access to the rest of the graphical session (things like input devices and other graphical windows and their data)

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      It does, when the bad actor is a program you run, and other open windows contain sensitive content.

      Here the bad actor is code being loaded as an extension to the compositor. A bit like a kernel module, which can bypass file access permissions if it wants.