[systemd-devel] [ANNOUNCE] systemd v230

Daniel Vetter daniel at ffwll.ch
Mon May 23 07:46:11 UTC 2016 

On Mon, May 23, 2016 at 11:12:05AM +0900, Michel Dänzer wrote:
> On 22.05.2016 18:02, Alexander E. Patrakov wrote:
> > 22.05.2016 13:33, Alexander E. Patrakov пишет:
> >> 22.05.2016 03:51, Zbigniew Jędrzejewski-Szmek пишет:
> >>> Hi,
> >>>
> >>> systemd v230 has been tagged. Enjoy!
> >>>
> >>> CHANGES WITH 230:
> >>
> >> <snip>
> >>
> >>>         * Framebuffer devices (/dev/fb*) and 3D printers and scanners
> >>>           (devices tagged with ID_MAKER_TOOL) are now tagged with
> >>>           "uaccess" and are available to logged in users.
> >>
> >> Has this been discussed with Wayland developers? Framebuffer device
> >> access can possibly be abused to take screenshots and draw on top of the
> >> compositor in a Wayland-based environment. Impossibility for arbitrary
> >> applications to take screenshots was one of the design goals of Wayland,
> >> and this change breaks it.
> >>
> >> So, unless one of Wayland developers confirms that they are OK with it,
> >> please revert it and ask for a CVE.
> >>
> > 
> > Sorry, I have to take this back. Attempting to grab video from /dev/fb0
> > here on Intel hardware, both under X and Weston, shows only an image
> > from the first virtual console - i.e. not the actual session. Still, I
> > would like someone else to confirm that this behaviour is not
> > Intel-specific and cannot be circumvented by, say, ioctls on /dev/fb0.
> 
> The scenario you describe isn't possible if the Wayland compositor
> directly uses the KMS API of /dev/dri/card*, but it may be possible if
> the Wayland compositor uses the fbdev API of /dev/fb* instead (e.g. if
> weston uses its fbdev backend).

Yeah, if both weston and your screen grabber uses native fbdev API you can
now screenshot your desktop. And since fbdev has no concept of "current
owner of the display hw" like the drm master, I think this is not fixable.
At least not just in userspace. Also even with native KMS compositors
fbdev still doesn't have the concept of ownership, which is why it doesn't
bother clearing it's buffer before KMS takes over. I agree that this
should be reverted or at least hidden better.

Also, can we just burn down fbdev please ;-)
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

More information about the wayland-devel mailing list