[Wayland-bugs] [Bug 84817] Allow another local user to run programs on a WAYLAND_DISPLAY
bugzilla-daemon at freedesktop.org
Sun Jan 7 22:18:30 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=84817
Daniel Stone <daniel at fooishbar.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
--- Comment #8 from Daniel Stone <daniel at fooishbar.org> ---
(In reply to Paranoik from comment #7)
> This! They pretend that they care about our security and limit sudo
> graphical programs, but in reality they simply didn't think about the multiuser
> desktop as a kind. Actually, if one really cares about security and runs every
> program under a specific limited user, he will not be allowed to do so on Wayland.
> And the only option, xhost +..., is actually advice to make a hole in the
> environment.
It's much more flexible than that. Wayland doesn't do a user lookup at all, or
rely on particular authentication files: it relies on filesystem permissions to
restrict who can access the socket.
You can grant access to the socket to whichever uid you like, or you can
specifically bind-mount the uid into a particular container. So it is more
granular, more flexible, but also more secure.
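Added example, not part of the original message or of Wayland's code: a small audit that applies the filesystem-permission model described in comment #8 to decide whether a given uid could connect to a compositor socket. It assumes Linux semantics (search permission on the runtime directory, write permission on the socket), looks at mode bits only (no ACLs), and uses a constructed temporary directory, a constructed socket name `wayland-0` and a constructed second uid.

```python
import os, shutil, socket, stat, tempfile

def allowed(st, uid, gids, want):
    """Classic mode-bit check: owner bits, else group bits, else other bits."""
    if uid == 0:                          # root bypasses these checks
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def can_connect(runtime_dir, sock_name, uid, gids=()):
    """Return (ok, reason): could this uid connect to runtime_dir/sock_name?"""
    if not allowed(os.stat(runtime_dir), uid, gids, 0o1):    # x: search the dir
        return False, "no search permission on runtime dir"
    st = os.stat(os.path.join(runtime_dir, sock_name))
    if not stat.S_ISSOCK(st.st_mode):
        return False, "not a socket"
    if not allowed(st, uid, gids, 0o2):                      # w: connect()
        return False, "no write permission on socket"
    return True, "ok"

def demo():
    """Constructed runtime dir and socket, checked under two permission sets.

    Each result is (owner, other uid without group, other uid in the group).
    """
    me, other = os.getuid(), os.getuid() + 1    # 'other' is a constructed uid
    d = tempfile.mkdtemp()
    path = os.path.join(d, "wayland-0")         # constructed socket name
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    grp = {os.stat(d).st_gid, os.stat(path).st_gid}
    results = {}
    try:
        for label, dmode, smode in [("private", 0o700, 0o600),
                                    ("group-granted", 0o710, 0o660)]:
            os.chmod(d, dmode)
            os.chmod(path, smode)
            results[label] = (can_connect(d, "wayland-0", me)[0],
                              can_connect(d, "wayland-0", other)[0],
                              can_connect(d, "wayland-0", other, grp)[0])
    finally:
        s.close()
        shutil.rmtree(d)
    return results

if __name__ == "__main__":
    print(demo())
```

The directory check matters as much as the socket check: with the runtime directory at mode 0700, a second uid is refused before the socket's own mode is ever consulted.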