Wayland support [Not yet implemented]

edited August 2020 in Linux Beta

I Downloaded the AppImage and ran it, looks like it runs in X11 mode, even though my desktop is Wayland.

This has two issues, the first being a security issue which I think would concern you the most.

On X11, any application can easily "see" what other applications are rendering on-screen. This means that any other local application can spy on what the 1Password window (e.g.: other local applications can see my secrets!).

The other problem is that XWayland doesn't support scaling, so the 1Password window is super blurry (I guess that wouldn't be the problem if you have low resolution screens).


1Password Version: latest
Extension Version: n/a
OS Version: ArchLinux
Sync Type: n/a

Comments

  • MitchMitch

    Team Member
    edited August 2020

    Hey @WhyNotHugo,

    Yes please! I also use Wayland on my desktop and appreciate its better performance and security over X11.

    You might already know that the front-end for 1Password for Linux is rendered in Electron, which is based on Chromium. Full Wayland support came to Chromium just recently in version 83 and work is ongoing to support it in Electron. We're tracking the progress closely and will be the first to support it when it's available upstream. (Perhaps even sooner with a feature flag -- this is a development preview after all.)

    Still, we expect X to stick around and be the default for most users for a long time. And even with Wayland, desktop Linux can be a hostile environment for apps. (What I'd give for a secure clipboard protocol!)

    The possibility of screen recording was taken into account when designing the UI and behaviour of the app. We've taken care to hide all secrets until they are explicitly revealed by the user -- concealed field values are not even sent to the front-end until and unless they need to be displayed. The data available to the front-end is strictly scoped to the sidebar selection in the top left to prevent exposing information from other accounts or collections, and we've added more fine-grained control over which accounts are unlocked if you have more than one. I am sure there is much more we can do to strengthen the app against both screen recording and shoulder surfing.

    As for DPI scaling, I don't know what window manager you use, but I'd recommend disabling scaling for 1Password if possible, and simply using the built-in zoom (Ctrl+=) to bump up UI elements and text while preserving their sharpness.

    -Mitch

  • As for DPI scaling, I don't know what window manager you use, but I'd recommend disabling scaling for 1Password if possible, and simply using the built-in zoom

    It's not possible to disable scaling on a per-app basis on Wayland. Scaling is per-display.

    This is why things like Chromium and Electron-apps are just a no-go on Wayland.

    My main concern is security though -- the 1Password app is LESS SAFE than using the Firefox browser extension. I find it somewhat alarming that this is considered fine, and the release app is being pushed like this (e.g.: only supporting older protocols with far no security at all).

    Still, we expect X to stick around and be the default for most users for a long time. And even with Wayland, desktop Linux can be a hostile environment for apps. (What I'd give for a secure clipboard protocol!)

    Agreed completely. There's no proper keyring protocol on Linux either (the existing one gives unlimited access to all applications, which is kind of as safe as having a text file with everything).

    You guys are most welcome to have a go at it! ;)

  • I wanted to note that initial wayland support has been merged in electron. It is only initial, and there are likely a few issues to be resolved before wayland is enabled by default.

    More info can be seen in the merged PR. https://github.com/electron/electron/pull/26022

    The flags for enabling wayland in electron are:
    electron --enable-features=UseOzonePlatform --ozone-platform=wayland

    There is also this chromium bug which will enable ozone by default for x11 and wayland (making one of the above flags redundant).
    https://bugs.chromium.org/p/chromium/issues/detail?id=1096425

    Can’t wait to try out native Linux 1password on wayland when it is ready!

  • BenBen AWS Team

    Team Member

    That is encouraging news, @vincent_chernin. Thanks for sharing! A number of us internally are running Fedora w/ Wayland so we're excited to see this as well.

    Ben

  • I see that 1Password is not in beta, but this issue is still here.

    While the blurriness in rendering is the most noticeable one (and can't really be worked around), the security issue of "any app can see the secrets I see" is still there.

    chromium snapshots already include wayland support enabled in the default builds. I'd love to give it a spin, but honestly, the fact that it has a security hole that 1Password X does not is a dealbreaker.

  • MikeTMikeT Agile Samurai

    Team Member
    edited December 2020

    I see that 1Password is not in beta, but this issue is still here.

    I am not sure what you mean but 1Password for Linux is in beta and will be for the remaining of the year.

    We're reviewing what could be done and we'll share as soon as we have more details.

  • Looks like the current version of the 1Password app uses an electron build that supports ozone/Wayland, since when I start the app using the flags mentioned above, the initial screen that shows up does not have the blurriness issues.

    Unfortunately, the app segfaults pretty much immediately when run like this though: segfault at fffffffffffffff8 ip 000056331b89d100 sp 00007ffcae2a7bc0 error 5 in 1password[56331b01a000+6060000]

  • Dayton_agDayton_ag

    Team Member

    Hey @lutoma, Wayland support for 1Password isn't available yet, but as soon as it's been implemented we'll be very excited to share. :smile: In the meantime, we don't suggest forcing the app to run in Wayland just yet, as issues like the one you mentioned will crop up.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file