OK, so what are the risks under Wayland?
Since the security is improved under Wayland, are non-elevated applications
still able to eavesdrop or falsify input/output of elevated applications?
The opposite direction is not that important, I think, because if you run
something as root (regardless of CLI or GUI), you explicitly trust it to do
almost anything to your system. If you decide to trust gedit or meld, I
don't see the difference from trusting vim or emacs. Unless there's
something in Wayland that is similar to vulnerabilities in X11?
Thanks for explanation.
Either I missed it, or nobody replied to my question. I'd be really interested to read
the answer, if somebody knows it, thanks.
I'm not saying we should not minimize the number of operations that we need to perform
as root. Sure we should. But there will always be some root-only ones. In the old days, we
said "X11 is not safe, that's why you should use CLI tools as root, GUI tools are
not recommended". And now that we can possibly have secure windowing system, we say
"GUI tools as root can't be used at all". Which is the opposite answer than
I expected from the Wayland hype, I imagined "both CLI and GUI are safe now, use
whatever you like". So, what are the attack vectors under Wayland that CLI apps