The point of bringing up xscreensaver is that, to my understanding, in everything from original X in the 1980s all the way through the Xorg git tree today, the design of X basically necessitates that the screensaver-app checks your password (i.e. when you lock and then unlock your screen). I'm glad the ctrl-meta-bkspc security hole is closed, but if you run an Xserver, and you run a screensaver, you have to trust the authors of *both* things with your password. Is this not correct? That was one of the big advantages touted for wayland, after all -- more secure/sane input-handling -- google for wayland screensaver Daniel Stone (of Collabora/Wayland/Xorg).
So if that is the current state of password security in X, what is the current state in mir, compared to before the bug was marked fixed-released? As you explain, the current hypothetical security hole (in the sense that there are no script-kiddie exploits in the wild) is that a Malicious App could do such and such and so and so, then maybe capture your password. But as the first reply points out, once you have malicious apps installed locally, you are already in a world of hurt. (Harking back to our discussion of a hypothetically malicious xscreensaver installed locally.)
The *previous* state of mir was worse: no malicious app was required, just bad luck could send your password unencrypted over the internet. If you were in irc or skype or similar, and then hit ctrl-alt-f2, your username + enter + passwd + enter would be accidentally transmitted. *That* is a significant security flaw, even though it depends on several things all being true -- sooner or later, somebody was bound to get bitten. The current state is better, and arguably on par with the current state of Xorg. (Of course, mir is a ton of new code, written in haste, and is thus far less trustworthy heuristically than Xorg. But as far as *known* flaws they are prima facie on the same level.)
MJG is correct when he calls this 'not really' fully fixed, but I think he is being pedantic. Mir is now 'good enough' relative to the security level of X, that it prolly would be suitable for broad release, with few Big Red Warnings on the tin. Canonical delayed making it default on dtops because of the multi-monitor thing, the general immaturity of the code, and other usability-regressions, not because of any security worries. That's not to say I don't want Mir's security improved, including the fixing of the Malicious App hogs mir to capture your passwd flaw... but I take such fixes in context, relative to the security of wayland and Xorg.
Re: malicious xscreensaver getting your passwd, vs malicious mir-hog getting your passwd