[PATCH weston] introduces a setting to give permission to any client to do screenshots

Giulio Camuffo giuliocamuffo at gmail.com
Mon Dec 16 13:55:45 PST 2013 

2013/12/16 Bill Spitzak <spitzak at gmail.com>:
> Could an api be added so that one client can "give" access to an object to
> another client? This would allow a single secure client to implement all the
> rules for what is allowed to be a screen saver, rather than having the rules
> be in the compositor.

Yeah, it's possible. See http://git.io/Inq5zA and http://git.io/T0TEdg

>
> What I thought was something like this:
>
> - "secure" client gets the object id for the screen shooter api
>
> - It can ask the compositor for a "key" to this id. This is a big
> random-looking number
>
> - It then sends this key (using any method it wants, such as argv to exec)
> to a client that does not have any more privledges other than being able to
> connect to the wayland compositor.
>
> - This client sends the key in a new request to the compositor
>
> - If the key is one it recently generated, the compositor responds with
> something much like the global registry events, giving the type and id of
> the same object. Otherwise it responds with an error.
>
> - Client can now use the screen shooter object.
>
> This does not really solve the screen shooter problem, but perhaps moves it
> somewhere more convenient.
>
> I also think this api would be useful so that a parent client can create a
> subsurface and then pass it to a child executable to draw into. This appears
> a lot simpler than the proposed mechanism where the child creates the
> subsurface.

I don't see how they relate. That would require sending an object to
another client.

>
> Speaking from a user pov:
>
> If the user wants to run a screen saver app they downloaded, then when they
> run it the first time it should pop up a dialog saying "this app wants to be
> able to take images of the screen" and if the user hits ok it runs. Anything
> more complicated than that, including anything requiring the screen shooter
> to be "installed" or giving it setuid, is unacceptable.
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel

More information about the wayland-devel mailing list