Posted Feb 13, 2013 8:09 UTC (Wed) by ibukanov (subscriber, #3942)
In reply to: DRI3000 by tshow
Parent article: LCA: The X-men speak
> You have to allow undecorated windows unless you don't want to be able to do things like panels. There's no fixing this without breaking useful functionality.
One just needs to restrict undecorated windows to a few trusted applications that are a part of a secure GUI. Done right it would not restrict any useful functionality. For example, a trusted panel still can show status icons and notifications from untrusted applications. And even watching full-screen movies should be possible as window decorations indicating the trust level can appear on any user input.
Posted Feb 13, 2013 10:10 UTC (Wed) by tnoo (subscriber, #20427)
> One just needs to restrict undecorated windows to a few trusted applications that are a part of a secure GUI.
How would this work in a tiling window manager (xmonad, awesome, etc)? These are so great because they don't waste any pixels on mostly useless decorations.
DRI3000
Posted Feb 13, 2013 10:18 UTC (Wed) by renox (subscriber, #23785)
It wouldn't work of course.
DRI3000
Posted Feb 13, 2013 10:53 UTC (Wed) by ibukanov (subscriber, #3942)
> How would this work in a tiling window manager (xmonad, awesome, etc)
Some pixels have to be wasted to provide fast visual clues about a trust level. With tiling one can try to color just one edge or a corner of the application in a semi-transparent way to communicate the trust.
Without always-present visual clues, for passwords one can try to require pressing a special trusted key that brings up a password-entering GUI that always properly decorates the window. But then one may forget to enter that special key...
DRI3000
Posted Feb 13, 2013 11:42 UTC (Wed) by tnoo (subscriber, #20427)
Practically, this won't be of much use. Most users don't care about this kind of stuff at all. Who actually checks every time the visual clues for secure connections given in a web browser before entering data?
There are even some people who provide their credentials (for bank or computer accounts) in emails from a "system administrator".
So, frankly, I don't think that the idea you advocate will be of much use in practice.
DRI3000
Posted Feb 13, 2013 12:37 UTC (Wed) by renox (subscriber, #23785)
> Who actually checks every time the visual clues for secure connections given in a web browser before entering data?
I do, thank you very much. By your reasoning, one should remove those visual clues for secure connections? A bad idea.
> So, frankly, I don't think that the idea you advocate will be of much use in practice.
Being useful to those who do these checks is enough to make the feature useful in my opinion.