[systemd-devel] [ANNOUNCE] systemd v230

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Tue May 24 14:13:12 UTC 2016


On Sun, May 22, 2016 at 01:33:13PM +0500, Alexander E. Patrakov wrote:
> 22.05.2016 03:51, Zbigniew Jędrzejewski-Szmek пишет:
> >Hi,
> >
> >systemd v230 has been tagged. Enjoy!
> >
> >CHANGES WITH 230:
> 
> <snip>
> 
> >        * Framebuffer devices (/dev/fb*) and 3D printers and scanners
> >          (devices tagged with ID_MAKER_TOOL) are now tagged with
> >          "uaccess" and are available to logged in users.
> 
> Has this been discussed with Wayland developers? Framebuffer device
> access can possibly be abused to take screenshots and draw on top of
> the compositor in a Wayland-based environment. Impossibility for
> arbitrary applications to take screenshots was one of the design
> goals of Wayland, and this change breaks it.
> 
> So, unless one of Wayland developers confirms that they are OK with
> it, please revert it and ask for a CVE.

It seems that my original reply did not make it to wayland-devel.

Anyway, this change is now reverted in systemd master, see
https://github.com/systemd/systemd/pull/3333

Zbyszek


More information about the systemd-devel mailing list