On Sun, Sep 16, 2018 at 11:15:56PM -0400, grarpamp wrote:
Any search will bring basic stuff like
https://insecure.org/sploits/xsecurekeyboard_fequent_query.html
https://www.techrepublic.com/blog/linux-and-open-source/three-features-you-m...
http://tutorials.section6.net/home/basics-of-securing-x11
https://www.reddit.com/r/openbsd/comments/83adcn/does_openbsd_x11_not_have_s...
Whether xorg, wayland, xenocara, drivers, ttys, init, login, getty, etc are receiving any level of scrutiny, audits, fuzzing, code scans, etc. The more ancient and obscure it is, the less people look, and all the above are exactly that. Even mashing kbd on a FreeBSD can throw console into unrecoverable must kill state. And people talk how trust X?
There is always a trade-off between security and usability. If not X (or wayland, which I've only tinkered with), then what? I use tty programs everywhere I can, e.g. mutt for email, irssi, etc - but gotta have graphical UI sometimes.

--
GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7