Niri Security Model
Niri's security model assumes that programs running unsandboxed on the host are trusted. That assumption is reasonable because an unsandboxed program already has many ways to read sensitive information and manipulate user input with or without niri, so an untrusted unsandboxed program is a risk in itself. To limit what untrusted clients can reach, including niri's Wayland socket, a proper sandboxing solution such as Flatpak is recommended.
- Programs running unsandboxed on the host have many ways to gain access to sensitive information.
- Unsandboxed clients with access to niri's Wayland socket can record the screen, emulate input, and manipulate the user's session.
- A proper sandboxing solution is necessary to keep untrusted clients away from critical system resources.
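One practical way to act on the sandboxing recommendation is to audit which Flatpak apps are actually granted the `wayland` socket, since an app that has it can talk to the compositor exactly like an unsandboxed client. The script below is an added example, not code from niri or Flatpak: it parses the `sockets=` key of the `[Context]` section that Flatpak uses in app metadata files and in user override files (where a leading `!` revokes an entry, as written by `flatpak override --nosocket=wayland`). The app IDs and file contents are constructed samples so the script runs offline.

```python
"""Audit which Flatpak apps can reach the compositor's Wayland socket.

Flatpak stores an app's static permissions in its metadata file under
[Context] (e.g. ``sockets=x11;wayland;pulseaudio;``) and per-user overrides
in ~/.local/share/flatpak/overrides/<app-id>, where a leading ``!`` revokes
an entry (``sockets=!wayland;``).  Everything below is a constructed sample,
not data read from a real installation.
"""
import configparser
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample metadata keyed by made-up app ID.
SAMPLE_METADATA: Dict[str, str] = {
    "org.example.Editor": (
        "[Application]\n"
        "name=org.example.Editor\n"
        "runtime=org.freedesktop.Platform/x86_64/23.08\n"
        "\n"
        "[Context]\n"
        "sockets=x11;wayland;pulseaudio;\n"
        "filesystems=home;\n"
    ),
    "org.example.Viewer": (
        "[Application]\n"
        "name=org.example.Viewer\n"
        "\n"
        "[Context]\n"
        "sockets=wayland;\n"
    ),
    "org.example.Daemon": (
        "[Application]\n"
        "name=org.example.Daemon\n"
        "\n"
        "[Context]\n"
        "shared=network;\n"
    ),
}

# Constructed sample override: the Editor has had wayland revoked, which is
# what ``flatpak override --user --nosocket=wayland org.example.Editor`` writes.
SAMPLE_OVERRIDES: Dict[str, str] = {
    "org.example.Editor": "[Context]\nsockets=!wayland;\n",
}


def parse_sockets(text: str) -> Tuple[Set[str], Set[str]]:
    """Return (granted, revoked) socket names from one metadata/override file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get("Context", "sockets", fallback="")
    granted: Set[str] = set()
    revoked: Set[str] = set()
    for entry in raw.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # the trailing ';' leaves an empty field
        if entry.startswith("!"):
            revoked.add(entry[1:])
        else:
            granted.add(entry)
    return granted, revoked


def effective_sockets(metadata: str, override: Optional[str] = None) -> Set[str]:
    """Apply a user override on top of the app's static metadata."""
    granted, revoked = parse_sockets(metadata)
    granted -= revoked  # metadata itself may carry '!' entries
    if override:
        o_granted, o_revoked = parse_sockets(override)
        granted = (granted | o_granted) - o_revoked
    return granted


def audit(metadata: Dict[str, str], overrides: Dict[str, str]) -> Dict[str, List[str]]:
    """Effective socket list per app ID, sorted for stable output."""
    return {
        app: sorted(effective_sockets(text, overrides.get(app)))
        for app, text in metadata.items()
    }


def wayland_exposed(metadata: Dict[str, str], overrides: Dict[str, str]) -> List[str]:
    """App IDs that can still open the compositor's Wayland socket."""
    return sorted(
        app for app, socks in audit(metadata, overrides).items() if "wayland" in socks
    )


if __name__ == "__main__":
    for app, socks in audit(SAMPLE_METADATA, SAMPLE_OVERRIDES).items():
        print(f"{app}: {', '.join(socks) or '(no sockets)'}")
    print("wayland-capable:", wayland_exposed(SAMPLE_METADATA, SAMPLE_OVERRIDES))
```

On a real system the same parser can be pointed at the installed metadata files (for a system install, `/var/lib/flatpak/app/<app-id>/current/active/metadata`) and at the override files under `~/.local/share/flatpak/overrides/`. Note that this only reports what the sandbox grants; an app allowed the `wayland` socket is, from niri's point of view, exactly as capable as an unsandboxed client.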
Opening excerpt (first ~120 words):

Security Model

Niri assumes that programs running unsandboxed on the host are trusted. This is a reasonable assumption because programs running on the host have a wide variety of ways to get all access they need, even without niri. For instance:

- They can set $LD_PRELOAD in .bashrc or similar files to load an arbitrary library into all processes.
- They can replace binaries in $PATH with malicious code.
- They can interpose any socket in $XDG_RUNTIME_DIR, like Wayland, and do keylogging or record window contents.
- They can scan the filesystem for secrets: SSH keys, password stores, etc.
- They can connect to an unlocked keyring and steal credentials.
- And so on and so forth.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is on GitHub.