Client permissions

Bill Spitzak spitzak at gmail.com
Thu Sep 22 11:19:37 PDT 2011


There is a concern that a malicious user-space program can cause 
trouble, such as covering the screen with its window, taking all the 
events, or pretending to be a system service such as a request for the 
sudo password.

I think Wayland intends for compositors to prevent this, since the 
compositor will always be able to control the sending of events and the 
location and size of the composited images on the screen. The compositor 
is assumed to not be malicious and be protected from modifications by 
user programs without the sudo password.

This does seem to lead a lot of people to think the compositor has to do 
a lot of stuff that I don't believe it has to, for instance drawing of 
the borders of windows. IMHO if a malicious program has to be prevented 
from doing something wrong it is acceptable if the resulting graphics 
are not perfect, for instance a window that tries to be too big without 
permission can just be clipped or scaled, even though that will remove 
or scale the window border. In fact the bad graphics will make it clear 
the program is misbehaving.

Niklas Höglund wrote:
> I see a lot of discussions on this list about what clients should be
> allowed to do. Is this such a big deal? All software on my Linux
> systems is free software, and if it doesn't behave it can be fixed.
> Any restrictions in what is allowed are bound to stifle innovation in
> one way or another.
> 
> If I don't like how an application works, I always have the choice of
> not using it.
> 

