[PATCH] libwayland: Add WAYLAND_DEBUG_INTERFACES

Pekka Paalanen ppaalanen at gmail.com
Fri Jun 29 10:21:10 UTC 2018 

On Fri, 29 Jun 2018 10:46:16 +0200
Markus Ongyerth <wl at ongy.net> wrote:

> Urgh, of course I forget to mention something when I write mails.
> 
> This is current RFC quality, not actual patch. Should this be something people 
> are interested in, I think it should live mostly in connection.c and be 
> supported by both -server and -client libraries.
> 
> I'm also not sure whether the supplied whitelist approach is the best way to 
> go, or this should be a blacklist in practice.
> 
> On 2018/6月/29 10:43, wl at ongy.net wrote:
> > From: Markus Ongyerth <wl at ongy.net>
> > 
> > Add environment variable WAYLAND_DEBUG_INTERFACES for filtering the
> > output of WAYLAND_DEBUG logs.
> > While WAYLAND_DEBUG is a pretty powerful and useful debug tool, printing
> > everything has a few downsides.
> > 
> > 1) It's a full keylogger (getting debug-logs from users)
> > 2) It can be overly spammy with wl_buffer/wl_surface actions (e.g. when
> >    playing a video))
> > 
> > With this addition it's possible to supply another environment
> > variable, to filter on the interfaces one is interested in.
> > E.g. when interested in the behaviour of xdg-shell popups the filter could be
> > WAYLAND_DEBUG_INTERFACES=xdg_positioner,xdg_surface,xdg_popup
> > greatly improving SNR on the output and hiding potentially sensitive
> > information such as keystrokes.
> > ---
> >  src/wayland-client.c | 85 +++++++++++++++++++++++++++++++++++++++++---
> >  1 file changed, 81 insertions(+), 4 deletions(-)

Hi,

I'm not fond of this.

Whether it is a white-list or a black-list, it will be hard to use. You
cannot be sure which interfaces will actually be interesting, which is
likely to result in asking the user to trace multiple times trying to
get the filter right. There might be interfaces you didn't know of
existing. It is much better to capture everything and filter while you
analyze the dump.

For example, you almost always need wl_surface messages, because so
many things get latched in on wl_surface.commit.

I'm not concerned about the keylogger aspect much. Presumably most use
cases are relatively fast to reproduce so the user can simply avoid
inputting anything sensitive, knowing that e.g. key presses will be
logged (the developer asking for a log should note this if there is any
danger of leaking sensitive data).

libwayland also does not understand the interfaces, so any kind of more
intelligent analysis must be done with other tools. We do have
middle-man protocol logger tools. If key logging is a concern, I would
suggest to have a middle-man logger enhanced to censor the key codes in
key events.


Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20180629/cc0a22cb/attachment-0001.sig>

More information about the wayland-devel mailing list