On Tue, 18 Oct 2016 08:37:56 -0400 (EDT) Olivier Fourdan <[email protected]> wrote:
> Hi Pekka,
>
> > sorry for taking so long to reply.
>
> Now it's my turn to apologize, I saw your email and then forgot about it!
>
> > A recap from earlier emails as I understood them:
> >
> > - This patch adds a callback in libwayland-server's wl_registry
> >   implementation, that will be called every time a) libwayland-server
> >   is about to send an advert of a global to a client, and b) when a
> >   client tries to correctly bind a global interface, to determine if
> >   that should actually happen. Case b) is needed in case a malicious
> >   client guesses the global name and interface correctly.
> >
> > - This does not actually have any significant consequences and it does
> >   not close any "security holes" that would not be closable/closed
> >   already otherwise. It is purely about trimming down the list of
> >   globals per client. Essentially it's kind of like an ad hoc
> >   implementation of namespaces for globals.
> >
> > - It was said that this is quite different to Giulio's plans for
> >   privileged/restricted interface negotiation [1].
>
> I agree with all of the above :)
>
> > I'm very happy to see you wrote tests for the new API.
> >
> > To get proper validation for the new libwayland-server API, I would
> > like to see it used in Weston to replace all the existing privileged
> > global checks. To make that fluent, I would like Weston to also use the
> > recently added "new client created" callback to set up per-wl_client
> > tracking data, a part of which would be flags telling which privileged
> > interfaces can be bound or the special role of the client.
> >
> > As the only serious request for this patch series, I would like the
> > commit message to mention some more benefits we just figured out with
> > Jonas in IRC:
> >
> > - Hiding interfaces that expose compositor implementation details makes
> >   it harder for clients to identify the compositor. Therefore clients
> >   are a little less likely to develop compositor-specific workarounds
> >   instead of reporting problems upstream.
> >
> > - Hiding can be used to diminish the problems from missing namespacing:
> >   if two compositors happen to use the same named global with different
> >   interfaces for their special-purpose clients, the client expecting
> >   the different interface would probably never see it advertised.
> >
> > Therefore I think this would be a beneficial addition:
> > Acked-by: Pekka Paalanen <[email protected]>
>
> So, if I amend the commit message as above and rebase against current
> code, I can add your acked-by?

Yes! As the Ack is for the idea, you could stamp it already on this patch.

Thanks,
pq
_______________________________________________
wayland-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/wayland-devel
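
The recap in the message above describes a filter that is consulted both when a global is advertised and again when a client binds it. Below is a simplified, self-contained C model of that double check, added here as an illustration and not taken from the patch or from libwayland-server; every type and function name, and the `example_privileged` interface, is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model of a globals registry; every name here is hypothetical. */
struct client { bool privileged; };
struct global { unsigned name; const char *interface; bool restricted; };
typedef bool (*filter_fn)(const struct client *, const struct global *);
struct registry { const struct global *globals; size_t count; filter_fn filter; };

/* A NULL filter means every global is visible to every client. */
static bool visible(const struct registry *r, const struct client *c,
                    const struct global *g)
{
    return r->filter == NULL || r->filter(c, g);
}

/* Case a): number of globals that would be advertised to this client. */
size_t advertise(const struct registry *r, const struct client *c)
{
    size_t n = 0;
    for (size_t i = 0; i < r->count; i++)
        n += visible(r, c, &r->globals[i]);
    return n;
}

/* Case b): the filter runs again on bind, so a client that guesses a hidden
 * global's name and interface correctly is still refused. */
bool bind_global(const struct registry *r, const struct client *c,
                 unsigned name, const char *interface)
{
    for (size_t i = 0; i < r->count; i++) {
        const struct global *g = &r->globals[i];
        if (g->name == name && strcmp(g->interface, interface) == 0)
            return visible(r, c, g);
    }
    return false; /* no such global */
}

/* Example policy: restricted globals are only for privileged clients. */
bool privileged_only(const struct client *c, const struct global *g)
{
    return !g->restricted || c->privileged;
}

/* Constructed sample data. */
const struct global sample_globals[] = {
    { 1, "wl_compositor", false }, { 2, "example_privileged", true } };
```

If the bind path skipped the filter, the ordinary client in this model would see one global advertised yet still bind global 2 by guessing its name.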
