New paths for Wayland sockets (Re: Enabling Android-style per application user ids)
raster at rasterman.com
Fri Nov 3 13:33:49 UTC 2017
On Fri, 3 Nov 2017 12:47:39 +0200 Pekka Paalanen <ppaalanen at gmail.com> said:
> On Fri, 3 Nov 2017 11:04:27 +0100 (CET)
> Jan Engelhardt <jengelh at inai.de> wrote:
> > On Friday 2017-11-03 10:37, Pekka Paalanen wrote:
> > >
> > >> Summary of (individual) proposals follows.
> > >>
> > >> >- modify WAYLAND_DISPLAY to support absolute paths which overrides
> > >> > any search paths
> > >>
> > >> - introduce new WAYLAND_SOCKET
> > >> - modify WAYLAND_DISPLAY to reject '/'
> > >
> > >What would be the functional difference to WAYLAND_DISPLAY accepting
> > >absolute paths? Why would a different environment variable make a
> > >difference?
> > Well because you cannot establish for certain that people have or have not
> > already used WAYLAND_DISPLAY=/newsock in the concatenation sense.
> > (Depending on who you ask and how much weight they give to it,
> > breaking application interfaces is out of the question. That's all.)
> Ah, that, ok. I thought this was about the security stuff you referred
> to. But given the same rationale, we cannot forbid / in WAYLAND_DISPLAY
security here i think is a red herring. i can effectively trick
libwayland-client to connect to an abs path by setting XDG_RUNTIME_DIR AND
WAYLAND_DISPLAY. so ... effectively same thing. it will force all xdg runtime
stuff to be in that same dir... but i think abs path for wl display
specifically being a security issue is a red herring, unless there is something
none of us can think of. then we have the problem already with runtime dir env
var and wl display too like above.
------------- Codito, ergo sum - "I code, therefore I am" --------------
Carsten Haitzler - raster at rasterman.com
More information about the wayland-devel