LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

How about running untrusted applications?

How about running untrusted applications?

Posted Apr 24, 2012 13:51 UTC (Tue) by dgm (subscriber, #49227)
In reply to: How about running untrusted applications? by gmatht
Parent article: LFCS 2012: X and Wayland

> The secure GUIs rely on, for example, windows titles being correct even in the case of a hostile client.

A very poor assumption, if you ask me.

(Log in to post comments)

How about running untrusted applications?

Posted Apr 24, 2012 14:15 UTC (Tue) by renox (subscriber, #23785) [Link]

>> The secure GUIs rely on, for example, windows titles being correct even in the case of a hostile client.
> A very poor assumption, if you ask me.

Uh? If the window manager is in the server, that's not such a bad assumption!
For example you can divide your applications into trusted and untrusted one, the window tittle being very different in both cases..
With CSD, obviously you can't do this.

How about running untrusted applications?

Posted Apr 24, 2012 16:11 UTC (Tue) by dgm (subscriber, #49227) [Link]

Correct me if I'm wrong but:
1. Aren't X11 applications able to specify their window title?
2. Aren't X11 applications able to override the WM redirection if they ask to? And finally...
3. Aren't server side decorations something exclusive of X? meaning that applications relying on this would not be portable to Windows or OSX?

How about running untrusted applications?

Posted Apr 24, 2012 16:32 UTC (Tue) by renox (subscriber, #23785) [Link]

> Correct me if I'm wrong but:
> 1. Aren't X11 applications able to specify their window title?

Of course they are, but this doesn't mean that a window manager cannot get its own way to check whether the application is trusted or not (not so simple in practive but doable I think) and display a trust indicator next to the window tittle.

Not sure what you mean about your point 2, but clearly untrusted applications must be restricted in what they're allowed to do (no real fullscreen, no input redirection, etc).

> 3. Aren't server side decorations something exclusive of X? meaning that applications relying on this would not be portable to Windows or OSX?

Portable applications exist already today with X and Windows/OS X, so I'm not sure what is your point.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds