36

How Wayland handles security considerations vs MacOS Quartz or Windows DWM?

posted
*
by
Avatar
monovergent@lemmy.ml
in
Avatar
linux@lemmy.ml
10 comments
hidereport

As I understand it, X11 has many inherent security concerns, including programs being able to read the contents of other windows and intercept keystrokes. Wayland addresses these concerns but at the moment breaks certain functions like screen readers, cursor warping, and the ability of a program to resize its own window.

I am curious as to how the display protocols of MacOS and Windows handle these situations differently. How does a program in those operating systems gain permission to read the contents of other windows, if at all? What is to be done in Wayland for these functions to be more seamless or are there inherent obstacles?

Sort:
HotTopControversialNewOld
Avatar
Max-P@lemmy.max-p.me
16 points

Not sure if Windows has that but I believe on macOS what happens is the app tries to record the screen, and if it fails macOS blocks the request and opens the security settings to enable the permission, and you have restart the whole application for the permission to take.

What’s done for Wayland is the portal system: applications can use portals to request access to specific things like screen recording, the DE does what it needs to do and it starts feeding the data to the application through the portal. It’s working fairly well, I haven’t had issues with those in a while. The application just requests what it wants, and the DE prompts the user (or auto accept the request) optionally remembering the choice as well.

Generally the solution for X11 problems is to implement a modern API for it in either Wayland or as a portal. Which breaks old stuff, but once updated it works fine.

The main obstacle is getting Gnome to agree to the protocols.

permalink
report
reply
Avatar
vrighter@discuss.tchncs.de
3 points

except the portal keeps popping up whenever I touch my controller, and the remember option does not work. It pops up in the foreground anytime I even accidentallytouch my contoller’s touchpad. In home streaming is basically impossible for me rn.

permalink
report
parent
reply
Avatar
Zamundaaa@discuss.tchncs.de
2 points

That’s not really a Wayland thing, that’s an (apparently badly implemented) attempt to bridge X11 apps to a permission system they were never written for.

permalink
report
parent
reply
Avatar
Telorand@reddthat.com
11 points

I don’t know about Wayland or MacOS, but In Windows, you can access quite a lot of information via WPF, UWP, WinUI, etc. This is to allow assistive tech to be able to do what they need to do, such as screen readers.

As long as you know how to search for window and control handles, you can read, store, and digest pretty much everything you as a person can see. No questions or elevation of privileges needed.

The caveat is that you’d have to have local access at a minimum.

permalink
report
reply
Avatar
narc0tic_bird@lemm.ee
7 points

I don’t know how it works on a technical level, but:

On macOS the app can request permission. In case of screen reading, it can’t just ask with a simple allow/deny prompt like with many other permissions (e.g. location), but most app requiring permission usually open the system settings app at the correct page (accessibility > screen readers or something). This page shows a list of all installed applications that specify that they have screen reader capabilities. The user can check a box next to the app’s name to allow screen reading.

On Windows, a “classic” win32 application can essentially see anything running under the same user as itself. It can probably capture windows of applications running as another user (administrator), but afaik it can’t send keystrokes to them. Appx apps generally have a permission system, but I’m not sure how screen readers are handled.

permalink
report
reply
Avatar
finley@lemm.ee
4 points

I’d like to add that, unless your user account has permission to enable this in macOS, you can’t enable it.

permalink
report
parent
reply
Avatar
cyberwolfie@lemmy.ml
2 points

Not an answer to your question, but a (perhas naive) question itself: are keyloggers impossible on Wayland?

permalink
report
reply
Avatar
vrighter@discuss.tchncs.de
2 points
*

No, they are not. If someone has enough access to install a keylogger, then they can just grant permission to themselves. This is mostly security theater, trying to turn desktops into phones.

permalink
report
parent
reply
Avatar
Zamundaaa@discuss.tchncs.de
1 point

With appropriate sandboxing of apps so they can’t just LD_PRELOAD code into all other apps you run, yes.

permalink
report
parent
reply
Avatar
delirious_owl@discuss.online
1 point

Or QubesOS plz

permalink
report
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 2K

    Monthly active users

  • 2.9K

    Posts

  • 16K

    Comments

Community moderators