[systemd-devel] [ANNOUNCE] systemd v230

Alexander E. Patrakov patrakov at gmail.com
Sun May 22 08:33:13 UTC 2016


22.05.2016 03:51, Zbigniew Jędrzejewski-Szmek пишет:
> Hi,
>
> systemd v230 has been tagged. Enjoy!
>
> CHANGES WITH 230:

<snip>

>         * Framebuffer devices (/dev/fb*) and 3D printers and scanners
>           (devices tagged with ID_MAKER_TOOL) are now tagged with
>           "uaccess" and are available to logged in users.

Has this been discussed with Wayland developers? Framebuffer device 
access can possibly be abused to take screenshots and draw on top of the 
compositor in a Wayland-based environment. Impossibility for arbitrary 
applications to take screenshots was one of the design goals of Wayland, 
and this change breaks it.

So, unless one of Wayland developers confirms that they are OK with it, 
please revert it and ask for a CVE.

-- 
Alexander E. Patrakov


More information about the systemd-devel mailing list