[PATCH] selection: send selection events to all connected clients
nil
namespace_collision at yahoo.com
Mon Apr 15 01:25:03 PDT 2013
Yichao Yu <yyc1992 at ...> writes:
> On Mon, Apr 15, 2013 at 3:45 AM, Pekka Paalanen <ppaalanen at ...> wrote:
> > Allowing command line utilities the access to clipboard contents (or
> > to take screenshots, equivalently), is a problem. Enabling them enables
> > all spy programs, too. I'm not sure we can both enable them and stay
>
> Why does a spy program have to steal sth from your clipboard while it
> can easily send out your whole $HOME
Because it's confined by a MAC, or running as another user and your $HOME is
o-rx?
[...]
> > An optional protocol extension must be the starting point for any
> > proposals like this one. Let's keep the system secure by default, but
>
> If you trust a program and run it, why should you implement a security
> layer where there is nothing much to protect.
It might get subverted, and you'd rather limit the damage it can cause when
it is. PDF viewers, web browsers, and media players have significant attack
surfaces.
Trusting all your clients as much as you trust the server is valid for at
least one use-case, but not necessarily for all of them.
More information about the wayland-devel
mailing list