cross-client surface references
spitzak at gmail.com
Thu Jul 9 09:13:54 PDT 2015
On 07/09/2015 02:19 AM, Jasper St. Pierre wrote:
> Calling sandboxed_surface_manager.get_surface_for_id(); retrieves that
> surface and deletes the ID from the global namespace.
I thought about having the ID work only once like you propose, but I
think this means that a client must be able to create unlimited ID's per
object, and thus a malicious one can fill up the server's map from ID to
object. The reason more than one ID is needed is so the client can
launch more than one subclient and let them both use the same object.
Instead I think there can only be one ID for any object. The client that
created the object can get the key once, repeated attempts are either
protocol errors or return the same key. A client that uses a key to
access the object is in the same state as a client that created the
object and has already asked for the key. A client should only be able
to use a key once (this is to prevent a client from opening unlimited
numbers of interfaces to the object, it would have to open a different
wayland pipe each time and that would probably hit a limit first).
More information about the wayland-devel