I was told that one of the core benefits of Wayland is that it prevents applications from snooping each other, such as by recording the contents of windows that don’t belong to them or logging keystrokes that don’t belong to them. But the program wf-recorder can record my entire screen without root! Doesn’t that mean any rogue application could do the same thing?
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
- 0 users online
- 5 users / day
- 20 users / week
- 27 users / month
- 16 users / 6 months
- 20 subscribers
- 684 Posts
- 1.7K Comments
- Modlog
It’s a “custom” protocol provided by your compositor, that’s not part of Wayland itself. Just like technically, you could have your graphics driver provide an API for capturing all screen output.
As for the security implications, i’m not entirely sure (not familiar with that stack). I assume you can only capture from your own user, and that there’s settings to disable that capability. It still means yes, that a malicious application could record your session and submit it to a 3rd party, which is why:
we should use only free software, compiled by trusted third-parties (distro packages or Nix/guix)
you should probably setup an applicative firewall like OpenSnitch to make it harder for malware to extract stuff out of your computer (though not impossible, because once you have a shell on the machine root is usually not far away)