[PATCH weston] introduces a setting to give permission to any client to do screenshots

Martin Peres martin.peres at free.fr
Sun Dec 15 08:13:02 PST 2013

On 15/12/2013 01:09, Sebastian Wick wrote:
> Am 2013-12-13 16:12, schrieb Martin Peres:
>> What prevents other applications from modifying this setting to true
>> if they want to
>> spy on applications?
> Nothing. But then again if you can write to the ini file you can make
> the compositor load any code with the shell setting.

Not if the compositor was loaded by the init system.

> I don't even think my patch is the right way to handle it anymore.
> There must be a way to trust a client even when it's not started by
> the compositor.
I think there is one, but it is not super pretty:
Write the list of acceptable screenshot clients in an 
administrator-owned file.
The file could either be global (in /etc/) or local (in ~/.wayland/). To 
be found
acceptable by weston, it would have to be owned by root and in 644.

In order to be considered "secure", the screenshot app shouldn't be able
to take snapshot without the user's consent or, at least, the user should
notice about it. That means no CLI-only interface without, at least, 
some sort
of graphic notification.

Of course, we shouldn't deny the user from using unsecure screenshot apps,
but let's not make that possible for a program run by the user to change the
setting for him, this is why we need the administrator for that (or at 
least a
confirmation of the user's password, like sudo).

What do you think?


More information about the wayland-devel mailing list