Authorized clients

Maarten Baert maarten-baert at hotmail.com
Tue Jan 7 11:22:42 PST 2014


@Martin Peres: Your ideas are nice in theory, but as Sebastian Wick
already said, it is just not practical.

If you want a specific example, I have one:
https://github.com/MaartenBaert/ssr
The sole purpose of this application is to record the screen (i.e. take
30 screenshots per second). People are using this - the latest version
has been installed about 13.000 times on Ubuntu alone (and that number
is still growing). I know that's not a lot in the big picture, but
clearly it is not an 'extremely rare case'.

I really want to add Wayland support to this application. In fact that's
why I'm here, discussing an API to authenticate my program so I can
actually start to think about adding Wayland support. Your answer seems
to be that the user should continuously hold down a button on their
keyboard in order to record their screen. That's just not acceptable. I
will simply have to tell users to disable the security features in
Weston completely so they can use my application - and most of them will
probably have no problem with that, because the average user doesn't
care about security, especially when it is something trivial like the
ability to take screenshots. Seriously - a rogue application can install
a keylogger <https://github.com/MaartenBaert/wayland-keylogger>, steal
my saved passwords and browser cookies, ssh and pgp keys, delete all my
files and even my backups, but luckily it can't take screenshots! I do
not want to tell users to disable security features, but if these
features make it completely impossible for an application to function,
then I have no choice.

It seems like your proposed solution is to take away all control from
the user for their own good, and that is just not going to work. Any
security feature that stops the user from doing something he/she wants
will be disabled by the user.

The Wayland compositor will never be able to anticipate all possible use
cases and allow only those while blocking all other uses. You can't
block all possible malicious use cases without also blocking a
significant number of normal use cases. You cannot design a secure
desktop that is fully idiot-proof and still usable. You have to assume
that the administrator knew what he was doing when he installed
application X, and trust that application to do what the user wants.

Maarten Baert


More information about the wayland-devel mailing list