• pinknoise
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 years ago

    keylogging mostly mitigated by the better security of Wayland?

    Yes and no, programs can’t keylog or record the screen of other programs via the wayland interface as they can in X. Wayland (and pipewire) have mechanisms for access control builtin. Thats a good start but it’s pretty useless if you don’t have proper access control / “sandboxing” for the other parts of your system. I remember reading some PoC code for a wayland keylogger that just injected a library (edit: into user programs) and there are probably some other (more creative) ways to do it.