
XDC2012: Graphics stack security

XDC2012: Graphics stack security

Posted Sep 26, 2012 19:06 UTC (Wed) by dlang (guest, #313)
In reply to: XDC2012: Graphics stack security by dlang
Parent article: XDC2012: Graphics stack security

In addition, as long as you allow more than one app to have windows open at a time, there is some potential for an app to pop up a window that looks like another app (or a system password prompt).

Server-side window decorations have the potential to label each window as to what app it is part of (users may still ignore the data, but at least it can't be faked by the app).

But if you either allow the client to tell the server what to label a window, or do client-side decorations where the client is in full control, it's impossible for the user to be able to trust any window completely.



XDC2012: Graphics stack security

Posted Sep 26, 2012 23:59 UTC (Wed) by mupuf (subscriber, #86890)

Completely fair point! There is no association between the binary file and its window(s) and it can be misleading to the user in some cases.

As you said, this is fixable with server-side decoration rendering but it isn't when the client renders everything. I guess we could actually display the name of the binary in the compositor when hovering the mouse on top of the application bar but that's not obvious to most users.

XDC2012: Graphics stack security

Posted Oct 1, 2012 4:38 UTC (Mon) by raven667 (subscriber, #5198)

> Server-side window decorations have the potential to label each window as to what app it is part of (users may still ignore the data, but at least it can't be faked by the app)

IIUC applications can set their window title or argv[0] to anything they want, and I don't think that's a feature that would likely be dropped, making the point moot.

XDC2012: Graphics stack security

Posted Oct 1, 2012 8:51 UTC (Mon) by renox (guest, #23785)

> IIUC applications can set their window title or argv[0] to anything they want, and I don't think that's a feature that would likely be dropped, making the point moot.

And in a secure environment with server-side decoration, this application's provided title can either be ignored or be added in addition to a color or text which provides the server's view of the application.

That said, one could have a virtual desktop/environment which would group applications by security level even with client-side decoration; of course, for single applications this is annoying.

