Firefox 99

33 points by nimar 4 years ago | 6 comments

kevincox 4 years ago |

> The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).

That is a very significant step. I wonder if this applies to Wayland users as well or if this was already a non-issue.

WhyNotHugo 4 years ago | |

It's less of an issue on Wayland.

Clients can't randomly snoop onto what others are doing (e.g.: record keystrokes while on background).

There's still _some_ attack surface on Wayland, but less than there was on Xorg.

BTW: Note sure if this feature was implemented for Wayland, but it sounds like it wasn't.

kup0 4 years ago | |

I wonder if this will break the hardware acceleration I've enabled to run in Firefox in X11 by using the VAAPI flags/etc

alophawen 4 years ago | |

The issue with Xorg is that it runs as root by default (there seems to be ways to run it as non-root according to Gentoo Wiki, but I'm pretty sure most popular distros runs it as root).

One of the selling points of wayland is that it does not.

EDIT: See child replies. I am outdated info.

kevincox 4 years ago | | |

I don't think most distributions run X as root anymore. But it does generally have a lot of access as it can open apps and log keys.

XWayland definitely doesn't run as root, but still has a lot of access to any X applications that you are running.