On Thursday, June 27, 2019 11:36 PM, Simon Ser <cont...@emersion.fr> wrote: > > Previously there were some musings about the security considerations. > > This version of the protocol allows the compositor to consider the lease > > request in its own time, perhaps presenting the user with a dialog to > > consent to the lease. Additionally, leased connectors can be added and > > removed at the compositor's whim, and race conditions have been > > considered to avoid disagreement between the client and compositor as to > > which connectors are available for lease - the compositor being the > > ultimate authority. > > We still need a way to identify the client. See > https://gitlab.freedesktop.org/wayland/weston/issues/206
I'm now wondering if DRM leasing is that much different from xdg-shell set_fullscreen requests. Is DRM leasing that much of a big deal regarding security? (Especially if the compositor has a policy to lease only non-desktop outputs) One thing I'm concerned about is buffers read access. Someone posted a Weston patch [1] to remove framebuffers when switching VTs, because the new master could potentially read them. Would this type of thing be possible with DRM leases? Could a lessee read buffers from the compositor's connectors? [1]: https://gitlab.freedesktop.org/wayland/weston/merge_requests/175 _______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/wayland-devel
