
The X11 Security extension from the 1990s

rnhmjoj

> What does it protect against?

Unless you're doing SELinux or using some tool like firejail, absolutely nothing?

The average desktop is completely insecure, regardless of the display protocol. If a program is running as your user it's already game over: it can do whatever it likes. For example, I can simply change your shell profile to add an LD_PRELOAD shim, hook some libc syscall wrapper and run arbitrary code in any user process. There's no need to log key presses.

tialaramex

Keep in mind that X11 is a protocol, so the client might not be running as your user on your local machine, it could be a dedicated machine that's only running the client.

In this case, again it's not important because in our timeline X11 is old, you might proxy the clipboard feature, with a trusted and untrusted connection, the untrusted connection needs to be careful because it's exposed to arbitrary nastiness from potentially hostile untrusted clipboard-using software - the trusted one talks to everybody else. So an example is you might decide to sanitize text, strip out invisible control characters, and exclude "rich" text formats that might conceal attacks. Or you might allow some images but only after previewing them and constraining their properties, no 18GB GIFs please, yes it's technically possible to encode a huge truecolor image as a single GIF no I don't want that in my clipboard.

Is this something we should try to implement? Probably not, but in a world where people try to kite surf across the English Channel it's nowhere close to the craziest hobby.
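Added illustration, not part of the thread and not written by any commenter: a Python sketch of the filtering policy described in the comment above for the untrusted side of a clipboard proxy (allow-list targets, strip control and invisible characters from text, refuse oversized GIFs by header). The allow-lists, size limits and function names are assumptions chosen for the example.

```python
import struct
import unicodedata

# Assumed policy for this sketch; none of these values come from the thread.
ALLOWED_TEXT = {"UTF8_STRING", "text/plain;charset=utf-8"}
ALLOWED_IMAGES = {"image/gif"}
MAX_BYTES = 8 * 1024 * 1024      # cap on any single transfer
MAX_PIXELS = 4096 * 4096         # cap on declared image area
KEEP_CONTROLS = {"\n", "\t"}


def sanitize_text(raw: bytes) -> str:
    """Decode strictly as UTF-8, then drop control and invisible characters."""
    text = raw.decode("utf-8", errors="strict")
    kept = []
    for ch in text:
        # Category C* covers Cc (ESC, NUL, ...), Cf (zero-width, bidi
        # overrides), Co (private use) and Cn (unassigned).
        if ch in KEEP_CONTROLS or not unicodedata.category(ch).startswith("C"):
            kept.append(ch)
    return "".join(kept)


def gif_dimensions(data: bytes) -> tuple:
    """Read the logical screen size from the GIF header without decoding."""
    if len(data) < 10 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    return struct.unpack("<HH", data[6:10])


def filter_transfer(target: str, data: bytes):
    """Return the payload to hand to the trusted side, or None to refuse."""
    if len(data) > MAX_BYTES:
        return None
    if target in ALLOWED_TEXT:
        try:
            return sanitize_text(data).encode("utf-8")
        except UnicodeDecodeError:
            return None
    if target in ALLOWED_IMAGES:
        try:
            width, height = gif_dimensions(data)
        except ValueError:
            return None
        # Header check is only a first gate; frame count is not bounded here.
        return data if 0 < width * height <= MAX_PIXELS else None
    return None  # text/html, text/rtf and every other target is refused
```
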

eqvinox

> Keep in mind that X11 is a protocol, so the client might not be running as your user on your local machine, it could be a dedicated machine that's only running the client.

For an X server to be network exposed, you first have to either SSH forward it or remove the nowadays-default "-nolisten TCP", and then either get the xauth secret or have the user do 'xhost +'.

At that point I'm gonna say the attacker earned their keylogger access.

And you or your distro might consider patching out the TCP variant.

anthk

..... guix shell --container

it's great for this.

farkin88

X11's SECURITY extension was its long-forgotten stab at sandboxing: flip a bit and every client is either trusted or untrusted. It does kill trivial key-logging, but it also breaks the clipboard, disables GLX and makes various apps fall over, leaving the desktop unusable while Firefox somehow works just fine. A cool reminder that X11 could've had proper sandboxing 25 years ago, but the UX cost sank it and Wayland is the lifeboat now.

zzo38computer

I think a proxy server might be a better way to handle security than the way it is done as described in this article. (On a computer, the security will need to consider more than only the X server, but that will be one part of it.)

eqvinox

> It's widely known that X11 has a problem with, for example, keyloggers. The issue is not that keyloggers are possible through security holes -- but keyloggers are trivial on X11, as they are part of normal operation and don't require exploits. It is one of the reasons why people push for Wayland.

Sorry, but did I miss news about a keylogger epidemic? On Linux?

In all seriousness, is this solving an actual problem or an imagined one?

And even assuming a 'Yes': A problem that isn't better solved elsewhere? How did the keylogger get access to the system and its desktop session? What else does it have access to?

anthk

'xev'