How to install Xorg without Wayland in FreeBSD?

kpedersen said:
I am beginning to suspect that it is actually lack of corporate interest as to why we don't have a decent remote desktop solution. Whilst that surprises me in the "day of the cloud", I guess the concept of DaaS (Desktop as a Service) is not really that popular.
Click to expand...
Desktop? It's darn hard to get a command line in the cloud crapware.

First you have to find out what virtual machine is hosting your container. Then you ssh to that host and grep through the output of docker ps to find your instance. Then you docker exec -it /bin/bash hoping and praying that bash is installed in it. Then you hope that it's actually logging something useful or that there are enough standard tools installed in it to have a fighting chance of figuring out what it's doing, or, more often why it's not doing what it's supposed to be doing.
 
olli@ said:
No, the old X protocol is going to die, sooner or later (hopefully sooner). It is 35 years old and was designed at a time when people didn't think much about security issues. Wayland fixes that and a bunch of other problems.

And please stop abusing this thread for your “BSD vs Linux” mission. As already stated, Wayland is an OS-independent display protocol.
Click to expand...
Unix is 50 years old ....
 
olli@ said:
No, the old X protocol is going to die, sooner or later (hopefully sooner). It is 35 years old and was designed at a time when people didn't think much about security issues.
Click to expand...
Maybe it is possible to run X in separate jail for every user and make it secure?
 
6502 said:
Maybe it is possible to run X in separate jail for every user and make it secure?
Click to expand...
  • Since Xorg hasn't listened on TCP for close to a decade, it is secure in terms of the network.
  • Since Xorg has used a UNIX socket with individual user permissions (and Xauthority) for a decade it is secure in terms of local machine.
The only "insecure" thing about it is the fact that individual X11 applications can see each other and communicate; i.e the Window Manager program can see/manage individual windows belonging to other programs (by design, I will add). However since people do more on their machines than web browsers and playing games, this is functionality that is necessary and I am not convinced that ad-hoc Wayland / dbus hacks are more secure alternatives.

Unfortunately the separate jail idea (is good for many things BTW) won't solve this specific issue because... well it isn't an issue but required functionality! There is no solution to it because we *want* interoperability between GUI programs.

You could spawn a program and then delete the .X11 socket so no other programs can access the session. Very secure. That program can then manage everything itself, including rendering other programs and... well you basically have a Wayland Compositor ;)
 
Have there actually been any X11-based attacks, like ever? I've been using X for going on three decades now, and have never heard of one.
 
Jose said:
Have there actually been any X11-based attacks, like ever? I've been using X for going on three decades now, and have never heard of one.
Click to expand...
The only one that people commonly come up with is keyloggers but frankly it is easier to listen on the raw /dev/input/* that Linux/Wayland conveniently chowns to the locally logged in user account (i.e that same account running the compromised program / keylogger!).

Accessing the raw keyboard is trivial on most platforms in fact and doesn't require root access in most cases; i.e: https://gitlab.com/osen/openbsd_drmfb_gnuboy/-/blob/main/src/sys/Keyboard.c

It is happening at a lower level so Wayland cannot prevent this either.
 
You must log in or register to reply here.
Back
Top