[RFC] Implementing Wayland Security Module
manuel.bachmann at open.eurogiciel.org
Sun Mar 8 22:38:33 PDT 2015
Hi fellow developers,
Some time ago, there was some discussion on this mailing list about
"libwsm" (alias lib "Wayland Security Module").
Here is the previous thread :
Libwsm has been developed by Martin Peres and Steve Dodier-Lazaro; it
tries to address the issues about unprivileged clients wanting access to
privileged interfaces. For instance,
- a legitimate third-party app wanting to take screenshots and record the
screen at the user's request ;
- a rogue app trying to take screenshots of the users' bank account number ;
- a legitimate app installed as an alternate virtual keyboard (instead of,
- a rogue app (virus) trying to permanently switch fullscreen to display
ads and threats.
We know all this was possible with X11 due to protocol flaws. Wayland is a
lot more secure, but there are still legitimate third-party clients wanting
access to these privileged features (such as the "Pick a color from the
screen" tool of GIMP)!
Unfortunately, Wayland Compositors have no generic way to validate them.
So, how do we allow GIMP, for instance, to work? libwsm lives in the
compositor (eventually in a plugin) and is able to take decisions based on
various configurable policies. Policies can be shared among compositors.
Here's a demo with fullscreen limitation policies :
The current code :
and the video :
(here we try to make "weston-terminal" fullscreen ; first with "allow"
policy -it works-, then with "deny" -it fails with an explanative
notification- and finally with "soft allow" -it works when the user
interacts with the notification to explicitly authorize the app)
Any comments on this ?
*Manuel BACHMANN Tizen Project VANNES-FR*
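
The three outcomes shown in the demo above (allow, deny, soft allow), as an added example that is not part of the original message and is not libwsm's code. All names, the rule layout and the sample policy are hypothetical; the sketch assumes the compositor has already resolved the client's executable path on its own.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical names throughout; this is not the libwsm API. */
enum pol_decision { POL_DENY, POL_ALLOW, POL_SOFT_ALLOW };

struct pol_rule {
    const char *exe;        /* client executable path; "*" matches any */
    const char *capability; /* privileged feature being requested */
    enum pol_decision decision;
};

/* Constructed sample policy, most specific rule first. */
static const struct pol_rule sample_policy[] = {
    { "/usr/bin/weston-terminal", "fullscreen", POL_SOFT_ALLOW },
    { "/usr/bin/gimp",            "screenshot", POL_ALLOW },
    { "*",                        "fullscreen", POL_DENY },
};

/* Prompt callback: true only if the user explicitly authorizes the app. */
typedef bool (*pol_ask_fn)(const char *exe, const char *capability);

/* First matching rule wins; a request that no rule covers is denied. */
enum pol_decision pol_lookup(const char *exe, const char *capability)
{
    size_t n = sizeof sample_policy / sizeof sample_policy[0];
    for (size_t i = 0; i < n; i++) {
        const struct pol_rule *r = &sample_policy[i];
        bool exe_ok = !strcmp(r->exe, "*") || !strcmp(r->exe, exe);
        if (exe_ok && !strcmp(r->capability, capability))
            return r->decision;
    }
    return POL_DENY;
}

/* Final yes/no. Assumes the compositor resolved `exe` itself from the
 * client connection; a path supplied by the client must not be trusted. */
bool pol_granted(const char *exe, const char *capability, pol_ask_fn ask)
{
    enum pol_decision d = pol_lookup(exe, capability);
    if (d == POL_SOFT_ALLOW)          /* no prompt available means no grant */
        return ask != NULL && ask(exe, capability);
    return d == POL_ALLOW;
}

/* Stand-ins for the user accepting or dismissing the notification. */
bool user_accepts(const char *e, const char *c) { (void)e; (void)c; return true; }
bool user_dismisses(const char *e, const char *c) { (void)e; (void)c; return false; }

int main(void) { return pol_granted("/usr/bin/gimp", "screenshot", NULL) ? 0 : 1; }
```

A request that matches no rule, or a soft-allow request with no way to prompt the user, resolves to deny.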