Or historical exploits/trojans/etc. that deserve more attention? I’ve mostly heard about lucrative vulnerabilities that concern Linux servers, but what about the end-users on desktops? Or is the Linux desktop market small enough that we mostly just see one-off instances of users blindly running malicious scripts?
Sorry, can you tell me more about this?
Sorry for the late reply. Also @Cricket’s response is great and actually references a source!
Anecdotally though, as a user, I’ve noticed that some things require extra permissions. Usually there’s a prompt from the operating system that’ll ask for permission capture the desktop, which lets me specify which window or monitor to share. It uses the “XDG Desktop Portal”, which was already what allowed Flatpaks to securely access OS resources, and it has a whole bunch of different requests for resources and permissions. It’s similar to a web browser, where it’ll prompt you for privileges when an app wants them.
The hardest pain point for me has been that an app cannot detect keyboard input if it isn’t focused. This could prevent key loggers, but it also makes global shortcuts not work. There is a protocol that allows an app to request a key be forwarded to it, but it’s not widely implemented in apps (discord, for example) and I’ve had to rely on workarounds.
I found this: https://www.linuxmo.com/wayland-vs-x11-the-battle-of-display-protocols/#penci-Security_and_Isolation