New paths for Wayland sockets (Re: Enabling Android-style per application user ids)
Matt Hoosier
matt.hoosier at gmail.com
Tue Nov 7 16:51:42 UTC 2017
Hi Pekka,
What do you think is a good amount of time to allow for people to
respond to your call for acks/nacks?
On Fri, Nov 3, 2017 at 8:33 AM, Carsten Haitzler <raster at rasterman.com> wrote:
> On Fri, 3 Nov 2017 12:47:39 +0200 Pekka Paalanen <ppaalanen at gmail.com> said:
>
>> On Fri, 3 Nov 2017 11:04:27 +0100 (CET)
>> Jan Engelhardt <jengelh at inai.de> wrote:
>>
>> > On Friday 2017-11-03 10:37, Pekka Paalanen wrote:
>> > >
>> > >> Summary of (individual) proposals follows.
>> > >>
>> > >> >- modify WAYLAND_DISPLAY to support absolute paths which overrides
>> > >> > any search paths
>> > >>
>> > >> - introduce new WAYLAND_SOCKET
>> > >> - modify WAYLAND_DISPLAY to reject '/'
>> > >
>> > >What would be the functional difference to WAYLAND_DISPLAY accepting
>> > >absolute paths? Why would a different environment variable make a
>> > >difference?
>> >
>> > Well because you cannot establish for certain that people have or have not
>> > already used WAYLAND_DISPLAY=/newsock in the concatenation sense.
>> >
>> > (Depending on who you ask and how much weight they give to it,
>> > breaking application interfaces is out of the question. That's all.)
>>
>> Ah, that, ok. I thought this was about the security stuff you referred
>> to. But given the same rationale, we cannot forbid / in WAYLAND_DISPLAY
>> either.
>
> security here i think is a red herring. i can effectively trick
> libwayland-client to connect to an abs path by setting XDG_RUNTIME_DIR AND
> WAYLAND_DISPLAY. so ... effectively same thing. it will force all xdg runtime
> stuff to be in that same dir... but i think abs path for wl display
> specifically being a security issue is a red herring, unless there is something
> none of us can think of. then we have the problem already with runtime dir env
> var and wl display too like above.
>
> --
> ------------- Codito, ergo sum - "I code, therefore I am" --------------
> Carsten Haitzler - raster at rasterman.com
>
More information about the wayland-devel
mailing list