Or historical exploits/trojans/etc. that deserve more attention? I’ve mostly heard about lucrative vulnerabilities that concern Linux servers, but what about the end-users on desktops? Or is the Linux desktop market small enough that we mostly just see one-off instances of users blindly running malicious scripts?
I haven’t heard of any such cases, but it is a smaller pool of users. Also, many desktop Linux users know more about using a computer than other operating system users, since it’s less common for Linux to come preinstalled. So that may affect it, too.
I imagine vulnerabilities with the Linux kernel or common utilities do apply to desktop users as well, which is a good reminder why staying up-to-date is important. But to my understanding, exploiting remotely would need a way of sending data to the target. And most desktop computers won’t have ports open to the internet for anyone like servers will.
I know that Wayland’s design does make it more difficult for a user-mode program to act maliciously, like as key-loggers or reading the clipboard.
Sorry, can you tell me more about this?
Sorry for the late reply. Also @Cricket’s response is great and actually references a source!
Anecdotally though, as a user, I’ve noticed that some things require extra permissions. Usually there’s a prompt from the operating system that’ll ask for permission capture the desktop, which lets me specify which window or monitor to share. It uses the “XDG Desktop Portal”, which was already what allowed Flatpaks to securely access OS resources, and it has a whole bunch of different requests for resources and permissions. It’s similar to a web browser, where it’ll prompt you for privileges when an app wants them.
The hardest pain point for me has been that an app cannot detect keyboard input if it isn’t focused. This could prevent key loggers, but it also makes global shortcuts not work. There is a protocol that allows an app to request a key be forwarded to it, but it’s not widely implemented in apps (discord, for example) and I’ve had to rely on workarounds.
I found this: https://www.linuxmo.com/wayland-vs-x11-the-battle-of-display-protocols/#penci-Security_and_Isolation
There, I fixed it for you.This is about desktop Linux, so I was wrong to correct you. My bad.
All good! You’re still totally right; outside of the context, Linux has quite the user base with servers, embedded devices, and even phones, if we count Android. I think that’s relevant because it means we can’t rely on “security by obscurity”.