blog - git - desktop - images - contact
The X11 SECURITY extension from the 1990ies
It's widely known that X11 has a problem with, for example, keyloggers. The issue is not that keyloggers are possible through security holes -- but keyloggers are trivial on X11, as they are part of normal operation and don't require exploits. It is one of the reasons why people push for Wayland.
I recently came across the X11 SECURITY extension, which is part of a normal X.Org installation.
Quick overview of the extension
In short, it allows you to put X11 clients into two classes: "Trusted" and "untrusted". Untrusted clients cannot interact with trusted ones. It does work the other way around, though, for example I can use multipass to type from a trusted client into an untrusted one.
So, you might think about classifying your browser as untrusted and then, when there's a security issue in that browser, it cannot use the active X11 connection to spy on your keyboard.
I wanted to see how well this works in its current state.
"Current state" might be a bit misleading. The extension is quite old and it looks like nobody did any substation work on it for ... a long time.
The thing is that it's immediately clear that this extension -- in its current state -- is not the answer to "X11 is insecure": You only have two classes, trusted and untrusted. That's not enough. For example: When you run your browser as untrusted, you can't simultaneously run some sandboxed program (Snap, Flatpak, ...) in a meaningful way, because those two clients can spy on each other again. You want a proper per-client isolation instead.
... continue reading