[RFC] Implementing Wayland Security Module
Manuel Bachmann
manuel.bachmann at open.eurogiciel.org
Sun Mar 8 22:38:33 PDT 2015
Hi fellow developers,
Some time ago, there has been some discussion on this mailing list about
"libwsm" (alias lib "Wayland Security Module").
Here is the previous thread :
http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html
Libwsm has been developed by Martin Peres and Steve Dodier-Lazaro ; it
tries to address the issues about unprivilegied clients wanting access to
privilegies interfaces. For instance,
- a legitimate third-party app wanting to take screenshots and record the
screen at the user's request ;
- a rogue app trying to take screenshots of the users' bank account number ;
- a legitimate app installed as an alternate virtual keyboard (instead of,
say, weston-keyboard)
- a rogue app (virus) trying to permanently switch fullscreen to display
ads and threats.
We know all this was possible with X11 due to protocol flaws. Wayland is a
lot more secure, but there are still legitimate third-party clients wanting
access to these privliegied features (such as the "Pick a color from the
screen" tool of GIMP) !
Unfortunately, Wayland Compositors have no generic way to validate them.
So, how do we allow GIMP, for instance, to work ? libwsm lives in the
compositor (eventually in a plugin) and is able to takes decisions based on
various configurable policies. Policies can be shared among compositors.
Here's a demo with fullscreen limitation policies :
The current code :
https://github.com/Tarnyko/weston-wayland_security_module/commits/master
and the video :
https://www.youtube.com/watch?v=pDg-eUARW5c
(here we try to make "weston-terminal" fullscreen ; first with "allow"
policy -it works-, then with "deny" -it fails with an explanative
notification- and finally with "soft allow" -it works when the user
interacts with the notification to explicitly authorize the app)
Any comments on this ?
--
Regards,
*Manuel BACHMANN Tizen Project VANNES-FR*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20150309/c03aa551/attachment.html>
More information about the wayland-devel
mailing list