Summary of the security discussions around Wayland and privileged clients
Thiago Macieira
thiago at kde.org
Thu Feb 20 14:47:01 PST 2014
Em qui 20 fev 2014, às 14:34:39, Bill Spitzak escreveu:
> This makes it impossible for a privileged client to distribute it's
> privledges to more than one subprocess, or to both itself and a subprocess.
I think it's fine. That's hardly a common scenario.
To allow distribution of security settings, one could assign them per cgroup.
The compositor simply needs to get the information from the caller of what
cgroup it is in. Is that information available via SCM_CRED?
Alternatively, there could be a shared secret stored in a file for which the
file descriptor can be passed. The Wayland compositor can modify the file
frequently and request that the client prove its worthiness by reading from
the file.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
More information about the wayland-devel
mailing list