-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-09-12 06:06, Lorenzo Lamas wrote: > Imo a good reason for Wayland in Qubes(Dom0 at least) is because x11 > lockscreen is not secure. >
Are you referring to this? https://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/ If so, I see your point, but I don't think this is as serious of a problem on Qubes as it is on other systems. Brief summary of points from the blog post and responses: Screen lockers on X11 cannot be secure because they... 1. Can be prevented from starting. Since the screen locker runs in dom0, and only trusted programs run in dom0, this will never happen maliciously in Qubes (unless dom0 has already been owned, in which case it's already game over). 2. Can be spoofed. VMs cannot enter fullscreen mode without user permission, so a fake screen locker in a compromised VM cannot successfully spoof the real locker in dom0. 3. Cannot prevent other windows from grabbing screen content. Qubes' GUI isolation prevents exactly this, regardless of whether the screen locker is active. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJX15BuAAoJENtN07w5UDAwMKAP/i6EAU22/mrGf8gBYFUQ0135 GjcttQPR/BgortZEYOFAYCDpBc1R5jx3VIgXe8yCMnlLKsh927S0dKpayfWHxfkT yLHl+N/hah/suKu/Mh5J5skXpbOuvS5xzHeQRjMvxAMQrD5w0Q8nrZ/fR+LHHKK7 GvAGuJQeL8yIPdqda2dj+4IyBNGJE+txtmg5NQ9/a5WnyRDIEaGBOflLVIOQRdoC YjOw9P2+c53xNqq3N1o/fYeUl0i/OZJVkwmperuJt8UxbNvq/9jUOFhxdOTQoJRX Laqjd2vRGrG6wcTFrrb8aernM0HPUqYzcP/mXTiWWts0JHzmETz3rANTqNPD5Ka4 DfnbvpbEHSVz6jHuHSVPayCoBzVzGfv/DhFCxeKcqkDVRANhjdpJlWi3wLScK8GD vrnrwpVvmuXLgXoMJmoCsuOSIwO1h2WBvwqeZT5sWQBsuJo7BVLxe+eDSpH9ZHg4 8llWfgYkXEbZwN95VYsskgtAGj5F1zPNLJD/iCXmPIwejbCsZtCu7YNjBlL5ggZ+ ca7J4Bf43BvBG6YL36xqLBHSA4Gz7CqhLvyRiQBZf1AOq46fcg0WuJgNp/njk/jf QrfKpX7QFuC6uy3bvasZ8EW8at5xiUHGvdmT6MG20xI7+47bwKSipoWpvONKhFfG 1xAaZakVQ1ISCMmNP+ka =MZHx -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9aeb8cf6-4c7b-3883-9985-287f4d8dd3b4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
