rm prophylactics aren't security related - they're "save the admin from a stupid mistake" fixes. However, the key difference is that the failure state when they don't work is to do exactly what the user expects. In the XMir case, I expect that the thing I can see accepting my input is the only thing that's seeing it; XMir's VT switch bug breaks my expectation.
The concern I have over the VT switching is that I've personally experienced interactions between bugs in X drivers and bugs in older versions of Mozilla Firefox such that a website's JavaScript triggered behaviour can cause X to lock up for apparently infinite time - a VT switch still worked, it just takes around 15 seconds to happen. Once that's done, I can log in, kill Firefox and recover control.
In XMir land, that VT switch is instant; however, as I'm logging in and killing Firefox, the application I had focused gets my input, too. This is unexpected behaviour - I thought I was typing into the VT, but in fact I'm typing into the VT and XMir (and hence into Skype, Empathy, or other IM app).
And the fix is simple in design (albeit possibly hard to implement, depending on how poor Mir's codebase is) - use the same mechanism as Xorg does to prevent a VT switch happening while X is still accepting input. Put that mechanism in place instead of the racy one they're using now.
It's all about expectations, basically. XMir breaks my model of when it's safe to type into another VT, and doesn't provide me with the tools to create a new model. rm prophylactics do provide me with the tools to create a new model.
Re: accidentally compromising your own passwd, vs malicious mir-hog getting your passwd
The concern I have over the VT switching is that I've personally experienced interactions between bugs in X drivers and bugs in older versions of Mozilla Firefox such that a website's JavaScript triggered behaviour can cause X to lock up for apparently infinite time - a VT switch still worked, it just takes around 15 seconds to happen. Once that's done, I can log in, kill Firefox and recover control.
In XMir land, that VT switch is instant; however, as I'm logging in and killing Firefox, the application I had focused gets my input, too. This is unexpected behaviour - I thought I was typing into the VT, but in fact I'm typing into the VT and XMir (and hence into Skype, Empathy, or other IM app).
And the fix is simple in design (albeit possibly hard to implement, depending on how poor Mir's codebase is) - use the same mechanism as Xorg does to prevent a VT switch happening while X is still accepting input. Put that mechanism in place instead of the racy one they're using now.
It's all about expectations, basically. XMir breaks my model of when it's safe to type into another VT, and doesn't provide me with the tools to create a new model. rm prophylactics do provide me with the tools to create a new model.