On Tue, 18 Oct 2016 08:37:56 -0400 (EDT)
Olivier Fourdan <ofour...@redhat.com> wrote:

> Hi Pekka,
> 
> > sorry for taking so long to reply.  
> 
> Now it's my turn to apologize, I saw your email and then forgot about it!
>  
> > A recap from earlier emails as I understood them:
> > 
> > - This patch adds a callback in libwayland-server's wl_registry
> >   implementation, that will be called every time a) libwayland-server
> >   is about to send an advert of a global to a client, and b) when a
> >   client tries to correctly bind a global interface, to determine if
> >   that should actually happen. Case b) is needed in case a malicious
> >   client guesses the global name and interface correctly.
> > 
> > - This does not actually have any significant consequences and it does
> >   not close any "security holes" that would not be closable/closed
> >   already otherwise. It is purely about trimming down the list of
> >   globals per client. Essentially it's kind of like an ad hoc
> >   implementation of namespaces for globals.
> > 
> > - It was said that this is quite different to Giulio's plans for
> >   privileged/restricted interface negotiation [1].  
> 
> I agree with all of the above :)


> > I'm very happy to see you wrote tests for the new API.
> > 
> > To get proper validation for the new libwayland-server API, I would
> > like to see it used in Weston to replace all the existing privileged
> > global checks. To make that fluent, I would like Weston to also use the
> > recently added "new client created" callback to set up per-wl_client
> > tracking data, a part of which would be flags telling which privileged
> > interfaces can be bound or the special role of the client.
> > 
> > As the only serious request for this patch series, I would like the
> > commit message to mention some more benefits we just figured out with
> > Jonas in IRC:
> > 
> > - Hiding interfaces that expose compositor implementation details makes
> >   it harder for clients to identify the compositor. Therefore clients
> >   are a little less likely to develop compositor-specific workarounds
> >   instead of reporting problems upstream.
> > 
> > - Hiding can be used to diminish the problems from missing namespacing:
> >   if two compositors happen to use the same named global with different
> >   interfaces for their special-purpose clients, the client expecting
> >   the different interface would probably never see it advertised.
> > 
> > Therefore I think this would be a beneficial addition:
> > Acked-by: Pekka Paalanen <pekka.paala...@collabora.co.uk>  
> 
> So, if I amend the commit message as above and rebase against current
> code, I can add your acked-by?

Yes!

As the Ack is for the idea, you could stamp it already on this patch.


Thanks,
pq


_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel
