Limitations of Weston's screenshooter / Are there any plans to create an official screenshot protocol?

Martin Peres martin.peres at free.fr
Fri Dec 13 07:01:55 PST 2013 

Le 13/12/2013 15:26, Maarten Baert a écrit :
> I'm trying to add Wayland support to a screen recording application, but
> I'm running into a few issues:
>
> - There is no official protocol. I'm using the weston-specific
> 'screenshooter' interface now, but I don't want to use a different
> interface for every possible Wayland compositor in the future. Are there
> any plans to create an official screenshot protocol?
>
> - Permissions were an issue, but I hear this is being taken care of. The
> current solution is to drop the restriction completely for all clients -
> wouldn't it be safer to add a third mode where only local clients
> running as the same user are allowed to capture the screen?
I may be wrong, but other unix users shouldn't be able to
communicate with another user's compositor unless this
user specifically allowed that by adding him to his/her group.
> I think this
> mode would be more suitable for a typical Linux desktop (local
> applications can already do far more damage in other ways).
Screenshot/screencapture applications are a confidentiality hazard.
We don't want any application run by the user to be able to
read the credit card number you are writing in firefox, right?

More exactly, we don't want non-user-triggered application to be able to
grab the screen.

This is why I advocated for the screenshot application to be
managed by the compositor because we already have to trust it
and because it has access to the input from evdev and can control
global shortcuts.

I am not entirely satisfied by the idea that it is possible to disable
any access control by a configuration file because any application
could modify the setting and, at the next reboot, your system would
become vulnerable.

Of course it is possible to use SELinux to restrict access to this
file (or make it root-owned and read-only access to the user) but
I see valid use cases where someone would genuinely want a
behaviour like that.

Anyway, the bottom line is that I strongly think only the compositor
should be able to run screenshot applications and those (or the
compositor) should at least make it obvious to the user that
screenshots are being taken.

It doesn't mean that I disagree that there should be a good screenshot
interface for compositors, I actually think you are fully right on this!

Martin Peres

More information about the wayland-devel mailing list