[Wayland-bugs] [Bug 98894] Add an API for taking screenshots and recording screencasts

Tue Nov 29 07:58:36 UTC 2016

https://bugs.freedesktop.org/show_bug.cgi?id=98894

--- Comment #1 from Pekka Paalanen <ppaalanen at gmail.com> ---
(In reply to Christian Stadelmann from comment #0)
> * Taking screenshots and recording screencasts should be an optional feature.

Right.

> * The wayland compositor should be able to decide (based on rules or user
> decisions) whether to allow or deny the request. For this, applications need
> to have a way to provide information about themselves (like application name
> and icon) and why they want to take a screenshot/screencast.

This is the very problem. If an application provides identification info
itself, it can lie. This is actually the root problem for authenticating any
privileged actions, and I don't think there exists a commonly agreed solution
yet.

A simple solution is to have the compositor itself launch only trusted binaries
(e.g. installed to the system by root, pre-declared as safe), or verifying the
app is such a trusted binary which is somewhat more complicated. However, the
ultimate solution would probably revolve around secured containers, where the
application id is provided by the system, not the app.

Any authenticated application also needs to avoid exploitation. E.g. a command
line tool that captures the whole desktop could be simply launched by a
malicious app.

Giving the user a notification and inferring from user actions whether the
operation was really initiated and accepted by the user would probably go a
long way, but it would also be important to be able to tell the user reliably
which program and for what purpose is trying a privileged action.

> * Applications must handle being denied to take a screenshot/screencast

Definitely.

> * there should be a way to select regions of the screen(s) only. I don't
> care whether this should be implemented on client or server (compositor)
> side.

Server-side. It cannot be client-side for security reasons. The user must be
able to trust that the app is not getting anything outside of the region he
selected.

There is also the choice of per-window vs. from the composite (the whole
desktop).

Someone might also want to see a preview of the screenshot before passing it on
to the application, to verify it does not contain sensitive information by
accident.

Whether screenshooting and screencasting should be a Wayland extension is also
an open question, as you can see from the various implementations.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-bugs/attachments/20161129/755dc663/attachment-0001.html>