Hi Jasper,

"Why are fullscreen and resolution change privileged operations?"

Personally, I think fullscreen should be allowed by default, but could be disallowed on a per-application basis; because a few could abuse it by re-triggering repeatedly (it made a great testcase for the demo, however).

Regarding resolution change, I'm not even sure it's in WSM ;-), but that's direct access to the hardware modes; what about an app changing modes every 5 seconds while minimized so you cannot easily kill it? You can imagine the compositor's default UI would be authorized, but a third-party app (like a video game) would at least need to ask the first time.

"I will not implement support for WSMs in mutter. I have given my opinion on why I think technical solutions to security problems and security policies are bogus before. I won't bother to repeat it here."

We discussed that on IRC, I can understand your position.

Regards,
Manuel

2015-03-09 21:41 GMT+01:00 Jasper St. Pierre <jstpie...@mecheye.net>:

> On Mon, Mar 9, 2015 at 12:52 PM, Manuel Bachmann
> <manuel.bachm...@open.eurogiciel.org> wrote:
>
>> Hi Matthias,
>>
>> "I don't think it makes sense to develop a specific solution just for
>> the portion of application sandboxing that happens to overlap with
>> wayland protocol requests. The same questions need to be answered when
>> a third-party application e.g. wants to open a file or send an email."
>>
>> While it is true that the general security policy concern is a huge
>> topic, and that WSM may seem to be a too-specific solution in an
>> ecosystem where several Linux Security Modules have already been
>> implemented, I think, however, that there is a valid use case for it.
>>
>> We happen to have a more-than-20-years-old ecosystem of GUI
>> applications which were using the X11 protocol. For all these years,
>> they were allowed to exploit this protocol in various ways, which gave
>> us the cool features we could not imagine living without today.
>>
>> Then comes Wayland. It is more secure, but the cool features aren't
>> there. Sure, each compositor can do the way it wants, but application
>> developers are embarrassed. This potentially cripples the user
>> experience and slows down Wayland adoption.
>>
>> WSM is interesting because it only tries to cover GUI applications,
>> which, basically, all have the same needs:
>> - screenshooting, screen recording, color picking....
>> - critical actions on the outputs: fullscreen, resolution change...
>
> Why are fullscreen and resolution change privileged operations?
>
>> - access to a central clipboard;
>> - replacing a vital part of the compositor (virtual keyboard, panel,
>>   systray...)
>> - ....
>>
>> A Linux Security Module goes too far, has too many implications, hence
>> why it is rarely deployed except on server systems. But WSM is only
>> about GUI apps; it precisely knows what it wants to be and which
>> problems it tries to address. I think, personally, that WSM has a
>> chance of success because it is pragmatic and has the privileged
>> timeframe for this.
>
> I will not implement support for WSMs in mutter. I have given my opinion
> on why I think technical solutions to security problems and security
> policies are bogus before. I won't bother to repeat it here.
>
>> Regards,
>> Manuel
>>
>> 2015-03-09 14:30 GMT+01:00 Matthias Clasen <matthias.cla...@gmail.com>:
>>
>>> On Mon, Mar 9, 2015 at 1:38 AM, Manuel Bachmann
>>> <manuel.bachm...@open.eurogiciel.org> wrote:
>>>
>>> > Any comments on this ?
>>>
>>> I don't think it makes sense to develop a specific solution just for
>>> the portion of application sandboxing that happens to overlap with
>>> wayland protocol requests. The same questions need to be answered when
>>> a third-party application e.g. wants to open a file or send an email.
>>
>> --
>> Regards,
>>
>> *Manuel BACHMANN Tizen Project VANNES-FR*
>>
>> _______________________________________________
>> wayland-devel mailing list
>> wayland-devel@lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/wayland-devel
>
> --
> Jasper

--
Regards,

*Manuel BACHMANN Tizen Project VANNES-FR*