On Wed, Sep 19, 2018 at 07:07:28AM -0400, John Newman wrote:
On Sun, Sep 16, 2018 at 11:15:56PM -0400, grarpamp wrote:
Any search will bring basic stuff like
https://insecure.org/sploits/xsecurekeyboard_fequent_query.html
https://www.techrepublic.com/blog/linux-and-open-source/three-features-you-m...
http://tutorials.section6.net/home/basics-of-securing-x11
https://www.reddit.com/r/openbsd/comments/83adcn/does_openbsd_x11_not_have_s...
Whether xorg, wayland, xenocara, drivers, ttys, init, login, getty, etc are receiving any level of scrutiny, audits, fuzzing, code scans, etc. The more ancient and obscure it is, the less people look, and all the above are exactly that. Even mashing kbd on a FreeBSD can throw console into unrecoverable must kill state. And people talk how trust X?
There is always a trade-off between security and usability. If not X (or wayland, which I've only tinkered with), then what? I use tty programs everywhere I can, e.g. mutt for email, irssi, etc - but gotta have graphical UI sometimes.
Also, tty is relatively space inefficient, especially on modern "high res" monitors where many xterms can be laid out to provide an efficient workspace - yet X (poor security) or Wayland (better?) is required to make use of all those columns and rows, and probably few these days would live without some GUI programs (browser, word processor, video/tube viewer). When bitbanging your tty subsystem pretty well guarantees lockup, we can say we've a long way to go for robust "secure" systems … notwithstanding the hardware issues so visible today.