Authorized clients

Martin Peres martin.peres at free.fr
Wed Jan 8 10:28:23 PST 2014


Le 08/01/2014 15:04, Sebastian Wick a écrit :
> Am 2014-01-08 13:02, schrieb Martin Peres:
>> On 07/01/2014 20:26, Jasper St. Pierre wrote:
>>>
>>>     Would it be ok for you if the compositor asked the user to agree
>>>     for the program to
>>>     do the operation? If so, we can guarantee that this is really the
>>>     user's intent and
>>>     allow the application. We can also add a security warning with a
>>>     "Do not ask again"
>>>     checkbox. Would it be satisfactory to you?
>>>
>>>
>>> The user opened up a screen recording app. The user's intent is very 
>>> much to record the screen. We don't need to ask the user again with 
>>> a prompt.
>>
>> How do you make sure it WAS launched by the user and not run silently
>> by one application?
>> That's the whole problem.
>
> If the application starts recording the screen without user interaction
> I would consider it broken.
Indeed, it would. Be security is never based on what an application 
SHOULD do, it is based on what it CAN do.

So you want to trust every screenshot application? I don't think it is a 
good idea. It is a better one
than trusting every app, but it still not is very efficient.




More information about the wayland-devel mailing list