Summary of the security discussions around Wayland and privileged clients
sebastian at sebastianwick.net
Thu Feb 20 11:43:30 PST 2014
Am 2014-02-20 20:02, schrieb Martin Peres:
> Le 20/02/2014 13:04, Pekka Paalanen a écrit :
>> It can be done, but with a little more effort than implied here.
>> Binding to an interace means wl_registry.bind request, and failing
>> is always a fatal error, which terminates the client connection. All
>> errors in Wayland are fatal like that.
>> Instead, the interface should be always bindable, but include explicit
>> protocol to indicate failure in using its requests.
> In this case, we can make something pretty simple, send a signal
> to the application if rights to use this interface has been granted.
> If the application tries to use the interface without having the rights
> to do so, an EPERM signal can be sent (not to be confused with the
> revokation signal that happens when .... rights have been revoked).
> What do you think?
I would like to have a request_permission and a revoke_permission method
and respectively a permission_granted and a permission_revoked event. An
application might not need to permission or only needs it for a small
amount of time.
Slightly unrelated: We also need a way for a program to ask the
compositor to start a client (and we have to ask ourselves how to handle
arguments, environment variables etc.).
More information about the wayland-devel