Summary of the security discussions around Wayland and privileged clients

Thiago Macieira thiago at
Thu Feb 20 14:47:01 PST 2014

Em qui 20 fev 2014, às 14:34:39, Bill Spitzak escreveu:
> This makes it impossible for a privileged client to distribute it's
> privledges to more than one subprocess, or to both itself and a subprocess.

I think it's fine. That's hardly a common scenario.

To allow distribution of security settings, one could assign them per cgroup. 
The compositor simply needs to get the information from the caller of what 
cgroup it is in. Is that information available via SCM_CRED?

Alternatively, there could be a shared secret stored in a file for which the 
file descriptor can be passed. The Wayland compositor can modify the file 
frequently and request that the client prove its worthiness by reading from 
the file.

Thiago Macieira - thiago (AT) - thiago (AT)
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

More information about the wayland-devel mailing list