A program run under your user account can do pretty much anything you can do, and that's true on most operating systems. Xwindows server architecture just makes it a little easier to grab input events, because it was designed for a time when the threat model was nefarious users messing with other users on the same system, not shooting themselves in the foot by running random code from the internet. Sysadmins knew to use a clean login, not sudo from J. Random user's Xwindows desktop. A smart sysadmin would do a SAK before logging in as well, because they don't know if J. Random user has hijacked the login binary on their workstation.

Regarding the dodgy apps, every app running on X has the ability to capture a sudo pw
Everyone seems to have forgotten this in the name of convenience, and because home users on Windows consider running any old random thing as Administrator normal (see constant whining about wanting to run graphical applications as root).

If you execute malware (outside of a sandbox / virtualisation), it's already "Game over, man.", at least for your user account. It has access to your files, and that's where most of the juice is. It could just add an alias in your .bashrc pointing the 'sudo' command to something that mimics the password prompt and dumps keystrokes, so unless you're very vigilant, no resident "keylogger" is required.
Trivia: A window manager isn't really special, it's just another application running under your user account and largely relies on the "insecurity" of X to do its job manipulating windows and tracking input focus.
More trivia: Sudo isn't really meant for giving a normal user the ability to run any application as root anyway, the idea is that you give certain users or groups the ability to run specific commands as another user id and they use their password to do so.
Getting rid of X completely is not easy, as a great many applications still depend on it. Under wayland you can run them with xwayland, a modified xserver that uses wayland input devices and forwards graphics to wayland surfaces.

When I created these VMs I discovered X was there as well and has some X-looking processes.
This is not a panacea, but it does at least make it harder for windows to grab input when they don't have focus.
One of the downsides to this design is that, unlike X where you can just restart the window manager, if your wayland compositor crashes it takes everything else with it because it mediates all input/output.
Statistics: Posted by steve_v — 2024-06-01 08:04 — Replies 33 — Views 795
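
Added example, not part of the original post: a check for the .bashrc trick described above, where `sudo` is redefined so that something else runs in its place. It flags alias and function definitions of `sudo`, `su` or `doas` in the startup files you pass it; the function name, the watched command list and the file list are assumptions of this example.

```shell
#!/bin/sh
# Flag shell startup files that redefine sudo/su/doas with an alias or a
# shell function. Hits are for review, not proof of compromise: for example
# alias sudo='sudo ' is a common, harmless idiom.

# Commands worth watching (assumption: extend as needed).
W='(sudo|su|doas)'

# Matches, ignoring commented-out lines:
#   alias sudo=...        alias ll=... sudo=...     (alias forms)
#   sudo() { ...          function sudo { ...       (function forms)
PATTERN='^[[:space:]]*(alias[[:space:]]+(.*[[:space:]])?'"$W"'=|(function[[:space:]]+)?'"$W"'[[:space:]]*\(\)|function[[:space:]]+'"$W"'([[:space:]]|[{]|$))'

# scan_rc FILE...
# Prints "file:lineno:text" for every suspicious definition.
# Returns 0 if at least one was found, 1 if none.
scan_rc() {
    found=1
    for f in "$@"; do
        # Skip files that do not exist or cannot be read.
        [ -r "$f" ] || continue
        hits=$(grep -nE "$PATTERN" "$f") || continue
        printf '%s\n' "$hits" | while IFS= read -r line; do
            printf '%s:%s\n' "$f" "$line"
        done
        found=0
    done
    return $found
}

# Run as a script: scan the files given on the command line, e.g.
#   sh scan_rc.sh ~/.bashrc ~/.bash_aliases ~/.profile ~/.zshrc
if [ "$#" -gt 0 ]; then
    scan_rc "$@"
    exit $?
fi
```

This only covers alias and function shadowing in the files it is given; anything else a program running as your user could change is outside its scope.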