Passive and active attacks via X11. Is Wayland any better?
frqb4td at onet.pl
Thu Feb 16 10:36:17 PST 2012
In "The Linux Security Circus: On GUI isolation" (link: http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html ) - The Invisible Things Lab's blog, Joanna Rutkowska describes attacks from one X11 app on another and the general problem of the lack of GUI-level isolation, and how it essentially nullifies all the desktop security.
One application can sniff or inject keystrokes to another one, can take snapshots of the screen occupied by windows belonging to another one, etc.
The bit about how the X11 security model has changed over time and doesn't fit well with Linux was interesting. She pitches Qubes OS (Beta 1) as a secure alternative.
Can passive (snooping) attacks be avoided? The passive attack she describes certainly works on my system, though I note that one of the comments says gksudo input can't be snooped.
Can active attacks (injecting keystrokes) be avoided? I seem to recall that active attacks was turned of by default a long time ago. But a quick google suggests that the XTest extension nullifies that (How to map a key-combination to a keyboard-button?).
Most Linux distros are moving to Wayland as a replacement for X11. Does it provide for good isolation between apps?
Is there hope for security on the desktop? :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the wayland-devel