The Linux Security Circus: On GUI isolation - Your opinion?

Check this out…

Already a bit older, but if true – and it seems to be true (I’ve tested this!) – it would be still up to date – and quite a scandal!

The Linux Security Circus: On GUI isolation:

The Invisible Things Lab's blog: The Linux Security Circus: On GUI isolation

Yes, it’s still true and, no, it will not be fixed. Ever. (according to Daniel Stone)

The Real Story Behind Wayland and X - Daniel Stone
45min video posted 2013

On Wayland.

http://lists.freedesktop.org/archives/wayland-devel/2012-February/002202.html
https://groups.google.com/forum/#!topic/qubes-devel/9BUibjMLkNQ

Two things: 1) A rootless X server has been introduced in the Linux world, with the open-source gfx drivers preparing to take advantage of this. 2) SELinux has the ability to run a GUI program sandboxed with its own copy of X using Xephyr.

I have tested xinput too. This is scary.

There is no easy solution. Running each GUI program sandboxed with its own copy of X does not sound very practical.

But, except intercepting keystrokes on its own from the whole X server, what is the purpose of xinput? Is it used by any other package? In Debian, it comes as a separate package. So in the meantime, I have run “sudo apt-get purge xinput” in both the host and Whonix workstation. At the moment, that seems to do the job without penalty.

Purging xinput won’t do the trick. It’s a diagnostic tool but not required to get the functionality of it.

The idea of separating user accounts is that, if one user account is compromised but root isn’t, the other user accounts can have their private data untouched and unread by the compromised one.

Any user account that is compromised can simply re-implement xinput’s functionality itself; for example, the malware could download a plugin to get this functionality (or come with this functionality in its core).
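
The Xephyr approach mentioned earlier in the thread, sketched as an added example that is not part of any post: a program is started on its own nested X server with its own authority cookie, so it shares no display with the rest of the desktop. The function names `free_display` and `run_isolated` are hypothetical; Xephyr, xauth and mcookie are assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the lowest X display number that has neither a socket in the given
# directory nor a lock file beside it.
# $1: X socket directory (default /tmp/.X11-unix).
free_display() {
    dir=${1:-/tmp/.X11-unix}
    lockdir=$(dirname "$dir")
    n=0
    while [ -e "$dir/X$n" ] || [ -e "$lockdir/.X$n-lock" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# Run "$@" on a fresh nested X server with a private authority cookie.
# Clients on the nested display cannot see input sent to other displays.
# Caveat: a program running as the same user can still read that user's
# normal Xauthority file and connect to the outer display, so this only
# isolates when combined with a separate account or a sandbox policy.
run_isolated() {
    n=$(free_display) || return 1
    auth=$(mktemp) || return 1
    xauth -f "$auth" add ":$n" . "$(mcookie)" || return 1
    Xephyr ":$n" -auth "$auth" -nolisten tcp -screen 1280x800 &
    xpid=$!
    # Wait up to about 5 seconds for the nested server's socket to appear.
    i=0
    while [ ! -e "/tmp/.X11-unix/X$n" ] && [ "$i" -lt 50 ]; do
        sleep 0.1
        i=$((i + 1))
    done
    DISPLAY=":$n" XAUTHORITY="$auth" "$@"
    status=$?
    kill "$xpid" 2>/dev/null
    rm -f "$auth"
    return "$status"
}

# Usage (after sourcing this file): run_isolated xterm
```

One nested server per program is what makes this approach heavy, and input devices, clipboard and window management are all confined to the Xephyr window.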