Security comparison - GNOME and KDE Plasma

XFCE and LXQt also secure privileged Wayland protocols.

2 Likes

GMOME is the only recommended DE used in Secureblue, as it’s the only Wayland DE that has locked down specific application sharing of things like the clipboard and screenshots I believe.

1 Like

GNOME and KDE are otherwise the only options. KDE is completely and forever memory unsafe (asked the Devs, never leaving Qt or even allowing Slint into core KDE apps), and GNOME is simply far behind.

@anonymous261, what are they referring to? The fact that they use C++?

I think they are referring to that, although currently, both GNOME and KDE are not mostly written in the safest languages. Additionally, by the time GNOME could make progress on that front, COSMIC may already be out.

A user of F42 Workstation here…

@SkewedZeppelin While Brace is not something I would use personally, I did learn of some noteworthy settings from the repo. I also ended up uninstalling sushi and yelp after reading this topic, so thanks for all the info.

Some things I’d like to add:

  • Apparently, disable-microphone does nothing right now. Likely wouldn’t hurt to keep it disabled, though.

  • Consider adding org.gnome.calculator refresh-interval 0 to prevent GNOME Calculator from periodically fetching exchange rates, which it does by default. (Anyone remember Subgraph OS?)

  • The org.gnome.desktop.lockdown section also may be of interest.

I want to like KeePassXC, but it’s stuck with Qt5 for the foreseeable future, and has yet to transition to Wayland properly.

For what it’s worth, KeePassXC is officially available on Flathub. But at least on GNOME, there’s this: