> Got a gnome terminal root shell open? That's a privilege escalation method for any other client running on the desktop under Xorg. This itself isn't really a problem, but chained with other attacks could be (e.g. browser escape).
Unless you're sandboxed up the ass, Wayland won't save you when that browser escape happens. Something I did 20 years ago to a friend as a prank that still works today on a typical Linux desktop with Wayland: wrap sudo to log the user's password the next time they use it. I didn't use a browser exploit for that, but it can easily be done if you have write access to the user's environment however that happened. Wayland won't protect you from that sort of thing unless you're willing to commit to extensive sandboxing.
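A defensive check for the sudo-wrapping trick described in the comment above, as an added example that is not part of the thread: it audits PATH for directories or binaries that someone other than root can modify ahead of the real sudo, and scans shell rc text for alias or function definitions of sudo. The function names and the `trusted_uids` parameter are assumptions of this example.

```python
import os
import re
import stat

# alias sudo=..., sudo() {...}, function sudo {...}: all take effect before PATH lookup.
SHADOW_RE = re.compile(r"^\s*(alias\s+sudo=|(function\s+)?sudo\s*\(\s*\)|function\s+sudo\b)")

def untrusted(path, trusted_uids):
    """True if someone other than a trusted owner can modify `path`."""
    st = os.stat(path)
    loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    return st.st_uid not in trusted_uids or bool(loose)

def path_shadows(path_value, command="sudo", trusted_uids=frozenset({0})):
    """Walk PATH in lookup order; report entries that can pre-empt the real command."""
    findings = []
    for d in path_value.split(os.pathsep):
        d = d or "."                       # an empty PATH entry means the current directory
        if not os.path.isdir(d):
            continue
        candidate = os.path.join(d, command)
        present = os.path.isfile(candidate) and os.access(candidate, os.X_OK)
        if untrusted(d, trusted_uids):
            findings.append((d, "wrapper present" if present else "writable directory"))
        elif present:
            if untrusted(candidate, trusted_uids):
                findings.append((candidate, "modifiable binary"))
            break                          # lookup resolves here; later entries are irrelevant
    return findings

def rc_shadows(rc_text):
    """Return 1-based line numbers in a shell rc file that redefine sudo."""
    return [n for n, line in enumerate(rc_text.splitlines(), 1) if SHADOW_RE.search(line)]

if __name__ == "__main__":
    for item, why in path_shadows(os.environ.get("PATH", "")):
        print(f"PATH: {item}: {why}")
    for rc in ("~/.bashrc", "~/.profile", "~/.bash_profile", "~/.zshrc"):
        rc = os.path.expanduser(rc)
        if os.path.isfile(rc):
            with open(rc, errors="replace") as fh:
                for n in rc_shadows(fh.read()):
                    print(f"{rc}:{n}: sudo is redefined here")
```

Findings are items to review, not verdicts: a user-owned directory early in PATH is common and some people alias sudo on purpose.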
Wayland is a critical step in sandboxing everything on the Linux desktop up the ass. Flatpak is also part of this effort. This is where desktop computing is headed, and why what Drew DeVault called "anti-Wayland horseshit" is actually derailing a secure, easy-to-use Linux desktop.