Migration of windows between displays

Phil Blundell pb at nexus.co.uk
Thu Nov 11 23:43:17 EET 2004


On Fri, 2004-11-12 at 10:19 +1300, Perry Lorier wrote:
> What kind of security is necessary?  If not everyone who has permission 
> to access the display doesn't have the necessary permission to ask an 
> application to move displays, who does?  Is strong crypto necessary (can 
> the wire be sniffed/MiTM?) or even usable? (do IPaq's have enough 
> processing power to not introduce heaps of latency when moving large 
> numbers of windows around?) is a simple cookie instead appropriate?

When I implemented this stuff for GPE, I had it use a public-key
signature mechanism for authentication.  I don't remember all the
details offhand, but the gist was that each "please migrate yourself to
display <x>" request was signed with a private key, and the target
application would verify the signature against a set of trusted public
keys before acting on the message.  Both sets of keys are typically
stored in files in $HOME.  So, in the simplest case, where the
requesting application and the target application are both running in
the same session, you get to manipulate your own applications without
having to do any special setup and without anybody else being able to
mess with them.

The code is in the GPE CVS tree if you want to look it over.  "teleport"
is the requestor application, and "libdisplaymigration" is the receiving
end.  Ultimately, you'd want to merge libdisplaymigration into GTK
itself, so that applications didn't need to take any special measures in
order to be migratable.

iPAQs generally have between 200MIPS and 400MIPS of computing power,
which is plenty for this kind of thing.  We're only talking about
encrypting and decrypting a few tens of bytes for each migration
request.

p.
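
The scheme described in this message, sketched as an added example (not GPE's teleport or libdisplaymigration code, and not written by the poster): a requestor signs a migration request and the target checks it against its set of trusted public keys. Ed25519, the single-use challenge that stops a sniffed request from being replayed, and the names Target, Sign and Accept are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Target is the receiving application: trusted public keys plus one live challenge.
type Target struct {
	Trusted   []ed25519.PublicKey
	challenge []byte
}

// NewChallenge publishes a fresh 16-byte nonce (an assumption of this example).
func (t *Target) NewChallenge() []byte {
	t.challenge = make([]byte, 16)
	if _, err := rand.Read(t.challenge); err != nil {
		panic(err)
	}
	return t.challenge
}

// Sign is the requestor side: the signature covers fixed-length challenge || display.
func Sign(priv ed25519.PrivateKey, display string, challenge []byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, challenge...), display...))
}

// Accept tries every trusted key and consumes the challenge on success.
func (t *Target) Accept(display string, sig []byte) bool {
	if t.challenge == nil {
		return false // no live challenge: replayed or unsolicited request
	}
	msg := append(append([]byte{}, t.challenge...), display...)
	for _, pub := range t.Trusted {
		if ed25519.Verify(pub, msg, sig) {
			t.challenge = nil
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	t := &Target{Trusted: []ed25519.PublicKey{pub}}
	sig := Sign(priv, "otherhost:0", t.NewChallenge())
	fmt.Println(t.Accept("otherhost:0", sig), t.Accept("otherhost:0", sig)) // true false
}
```

The signed message is a few tens of bytes, matching the cost estimate in the message above.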



