[systemd-devel] [ANNOUNCE] systemd v230
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Tue May 24 14:13:12 UTC 2016
On Sun, May 22, 2016 at 01:33:13PM +0500, Alexander E. Patrakov wrote:
> 22.05.2016 03:51, Zbigniew Jędrzejewski-Szmek пишет:
> >Hi,
> >
> >systemd v230 has been tagged. Enjoy!
> >
> >CHANGES WITH 230:
>
> <snip>
>
> > * Framebuffer devices (/dev/fb*) and 3D printers and scanners
> > (devices tagged with ID_MAKER_TOOL) are now tagged with
> > "uaccess" and are available to logged in users.
>
> Has this been discussed with Wayland developers? Framebuffer device
> access can possibly be abused to take screenshots and draw on top of
> the compositor in a Wayland-based environment. Impossibility for
> arbitrary applications to take screenshots was one of the design
> goals of Wayland, and this change breaks it.
>
> So, unless one of Wayland developers confirms that they are OK with
> it, please revert it and ask for a CVE.
It seems that my original reply did not make it to wayland-devel.
Anyway, this change is now reverted in systemd master, see
https://github.com/systemd/systemd/pull/3333
Zbyszek
More information about the systemd-devel
mailing list