Authorized clients

Martin Peres martin.peres at free.fr
Fri Jan 10 06:01:55 PST 2014


Le 10/01/2014 04:32, Jasper St. Pierre a écrit :
> On Thu, Jan 9, 2014 at 7:05 PM, Martin Peres <martin.peres at free.fr 
> <mailto:martin.peres at free.fr>> wrote:
>
>     On 09/01/2014 23:57, Maarten Baert wrote:
>
>
>         On 09/01/14 21:54, Martin Peres wrote:
>
>             The worse thing that can happen is an application running
>             with the user's uid grabbing and sending periodical
>             screenshots to a distant server running OCR and waiting
>             for you to enter your bank details on amazon.com
>             <http://amazon.com>. As for how this application got
>             installed in the first plase, do I really have to list all
>             the ways or can we both agree this is out of scope?
>
>         Is that the worst case scenario you can come up with? :D
>
>
>     Hey, don't twist his question and my answer ;) The question was IF
>     our protocol is wrong. Remember, we aren't addressing the security
>     of desktop here. We are looking for a way to provide a service
>     (screenshots) and trying to find a way to make it as difficult as
>     possible to misuse it. Right?
>
>
> My question was not meant to be taken in a vaccuum. In fact, quite the 
> opposite. My question was about thinking whether it made sense to do 
> access control at the Wayland level, or at the
If not there, where?

I am convinced userspace-exported services should do their own 
access-control and just refer to a central daemon to ask for permission. 
I already implemented something like that in PIGA-OS, it is called 
PIGA-SYSTRANS.

> Here, run this program. You can audit it, it won't steal your 
> credentials, but it doesn't take a screenshot of the desktop, and is 
> fairly convincing. It would probably even fool me. It's X11, simply 
> because that's easier than writing a raw Wayland app at this point. It 
> doesn't rely on any insecurities of X11.
>
> Build instructions are on top: 
> https://gist.github.com/magcius/835501bc2728be83587f
>
> It was made in a hurry, so the main tell: the blinking cursor, I 
> couldn't deal with. Somebody with more than an hour on their hands 
> might be able to do something more with this concept.

Nice one. I'm not sure it is doable in wayland right now to have an 
application in real full screen.We'll need to discuss how to handle that 
properly.

As I said in the security presentation a friend of mine and I gave at 
XDC2012, full screen apps grabbing all keys are an availability hazard too.




More information about the wayland-devel mailing list