Migration of windows between displays
Jim.Gettys at hp.com
Fri Nov 12 17:42:16 EET 2004
On Fri, 2004-11-12 at 14:18 +1300, Perry Lorier wrote:
> Avery Pennarun wrote:
> >On Thu, Nov 11, 2004 at 04:46:42PM -0500, Jim Gettys wrote:
> >>Arguably, stealing entire application is more dangerous than sniffing
> >>input events.
> >Arguable? It's like saying that giving someone root access on my system is
> >more dangerous that giving them rw access to /dev/hda. Theoretically, yes,
> >but in the end, if I can trust them to access every byte on my hard drive, I
> >had *better* be able to trust them to do everything else they might want to
> I agree, preventing migration of windows seems to be closing the barn
> door after the horse has already bolted. If someone can set properties
> on your window, then they can sniff/synthesize events, set other
> properties and delete windows. They can map other windows that
> impersonate your window.
> The games over, the horse has bolted.
And as soon as we have some real security stuff to share displays
(which is the natural outcome of having migration), you mitigate this
problem. Such work started this year, though is not yet usable
(Eamon Walsh's work).
Protocols have to be designed with some view toward the future, or you
end up with terrible migration and interoperability issues.
Ok, now you'll argue that people aren't doing such sharing yet, so why
worry about it...
Keith and I were visiting MERL (Mitsubishi Electric Research Laboratory)
two days ago, and sat down at a table with a projector, intended to be
used by multiple people.
That prototype is 18 months old.
We know of another group somewhere (I won't say where), doing similar
Products like that are *not* all that far off.
We *MUST* get our act together in both security and multi-user use.
The time is *NOW*, not several years from now, for this design work.
More information about the xdg