wayland-devel Digest, Vol 21, Issue 62

Sun Jun 17 10:26:23 PDT 2012

> Message: 1
> Date: Sat, 16 Jun 2012 19:59:00 +0200
> From: Lukasz Skrzeczacy <skrzeczacy at interia.pl>
> To: wayland-devel at lists.freedesktop.org
> Subject: Is Wayland a secure display server?
> Message-ID: <arbnljmqwumlpmsygfxn at gyqd>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi,
> I am not a profesional Linux and English user so keep it in mind. I
> recently heard of Wayland and I have some questions about security.
> Security is one of the reason why I am using Linux. I know little about
> security (but I will be learning about hardening system in the future), I
> know only that today Linux is more secure than Windows but in the future
> there will be more security threats. This makes me afraid about security

Hello,
The Unix-compatible operating system provides a basic security by user
isolation. The programs running under one user can't possibly attack
programs running under another user.

> of Linux. I readed some informations about Mandatory Access Control and
> Access Control Lis and Virtualization. I readed about Qubes OS too. Joanna
> Rutkowska  said that in X Server there has not any isolation bettwen apps
> so every application can sniff everything what user enter wherever even it
> is another application. Her opinion is that this is a big problem for

Yes, the isolation between applications is a major issue of the
traditional X11 model. It is well known that any application connected to
X11 server can listen on arbitrary events. Under the Wayland model, the
application recieves only mouse and keyboard events only when it has
focus. The application can't steal events from other application. So this
is much improved design.

> security. Even Windows have security feature  that keylogger can't sniff
> password entered into User Account Control but in Ubuntu keylogger could
> read passwords entered into gksu. I thing that she
>   knows what is she saing because on the site www.invisiblethingslab.com
> there is hers paper called Software Attacks against Intel VT-d
> technology and other advanced methods of attack, she proposed feature in
> processors called ?Supervisor Mode Execution Protection? and it is in
> the Ivy Bridge processors and yesterday I readed about that Rafa?
> Wojtczuk (also worked on Qubes OS) discovered a bug in Intel's
> Virtualization in processors.
> Is there ACL in Wayland? If not, it will be hard to implement it by

I do not agree that an access control list is the ultimate solution

> security specialists? Is in Wayland focus on security?

Yes, it is intended to be secure but security is much more complex. Most
of the security will depend on Linux kernel and other mechanisms and has
not much to do with wayland.

> Is Wayland a secure
> display server? Can I manage windows in Wayland and give them for example
> untrusted status?

There are methods for running applications in a sanboxed enviroment,
chroot etc... But this has nothing to do with wayland of course.

Why would you run an application that you do not trust? Of course, when
you run a harmful application, it can delete all your user data but the
operating system, won't be damaged (due to user permissions). And the
Wayland based desktop compositor won't be damaged too and continue to run
(unless the code exploits a bug which can be fixed). Any other user on the
system won't be affected by this.

>
> If you want read about Qubes OS and GUI isolation:
>
> http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
>

I do not think that virtualisation is the ultimate solution to this issue..