On Mon, Mar 9, 2015 at 12:52 PM, Manuel Bachmann <manuel.bachm...@open.eurogiciel.org> wrote:

> Hi Matthias,
>
> "I don't think it makes sense to develop a specific solution just for
> the portion of application sandboxing that happens to overlap with
> wayland protocol requests. The same questions need to be answered when
> a third-party application e.g. wants to open a file or send an email."
>
> While it is true that the general security policy concern is a huge topic,
> and that WSM may seem to be a too-specific solution in an ecosystem where
> several Linux Security Modules have already been implemented, I think,
> however, that there is a valid use case for it.
>
> We happen to have a more-than-20-years-old ecosystem of GUI applications
> which were using the X11 protocol. For all these years, they were allowed
> to exploit this protocol in various ways, which gave us the cool features
> we could not imagine living without today.
>
> Then comes Wayland. It is more secure, but the cool features aren't there.
> Sure, each compositor can do the way it wants, but application developers
> are embarrassed. This potentially cripples the user experience and slows
> down Wayland adoption.
>
> WSM is interesting because it only tries to cover GUI applications, which,
> basically, all have the same needs :
> - screenshooting, screen recording, color picking....
> - critical actions on the outputs : fullscreen, resolution change...

Why are fullscreen and resolution change privileged operations?

> - access to a central clipboard ;
> - replacing a vital part of the compositor (virtual keyboard, panel,
> systray...)
> - ....
>
> A Linux Security Module goes too far, has too many implications, hence why
> it is rarely deployed except on server systems. But WSM is only about GUI
> apps ; it precisely knows what it wants to be and which problems it tries
> to address. I think, personally, that WSM has a chance of success because
> it is pragmatic and has the privileged timeframe for this.

I will not implement support for WSMs in mutter.

I have given my opinion on why I think technical solutions to security problems and security policies are bogus before. I won't bother to repeat it here.

> Regards,
> Manuel
>
> 2015-03-09 14:30 GMT+01:00 Matthias Clasen <matthias.cla...@gmail.com>:
>
>> On Mon, Mar 9, 2015 at 1:38 AM, Manuel Bachmann
>> <manuel.bachm...@open.eurogiciel.org> wrote:
>>
>> > Any comments on this ?
>> >
>>
>> I don't think it makes sense to develop a specific solution just for
>> the portion of application sandboxing that happens to overlap with
>> wayland protocol requests. The same questions need to be answered when
>> a third-party application e.g. wants to open a file or send an email.
>>
>
> --
> Regards,
>
> *Manuel BACHMANN Tizen Project VANNES-FR*
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel

--
Jasper