
XDC2012: Graphics stack security


Posted Sep 28, 2012 9:15 UTC (Fri) by mjthayer (guest, #39183)
In reply to: XDC2012: Graphics stack security by dlang
Parent article: XDC2012: Graphics stack security

> There's nothing inherently wrong with cookies, just with the permissions being the same for all apps from a single user.

If you put the cookie in a file in the user's home directory, as is done for the current X server cookies, then yes. If you imagine different cookies for different privileges (reading from the screen, sending input events, whatever) there is no reason why there should not be different mechanisms for the clients which need them to obtain them. For example you could put them in global files readable only to a particular user group, or you could use DBus and PolicyKit to pass them (just an example, as I know that DBus and remote X don't get along very well at present), or even both.



XDC2012: Graphics stack security

Posted Sep 28, 2012 19:13 UTC (Fri) by dlang (guest, #313)

I said that the problem was with the permissions being the same for all apps from a single user.

Putting the cookie in one file and having all apps read it from that file would seem to match my criteria for a problem.

But there's nothing saying that you couldn't have a different cookie for each app, and then give different cookies different permissions.

This wouldn't be a matter of 'use this cookie for screenshots' type of thing, but a matter of 'application X was given cookie Y, application X is a screenshot app, so allow cookie Y to do screenshots'.

Assuming apps do something sane and only read this cookie once at startup, you could replace the file they read it from with something that's an interface to an application that can use SCM_CREDENTIALS to find out what app is talking to it, and return different contents to different apps. You can then have that program either give a different cookie to every app, or make whatever policy decisions it wants about what cookies to give to different apps.
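
The broker described in the comment above, sketched as an added example (not part of the original comments and not X server code): a Unix-socket endpoint reads the kernel-supplied `SCM_CREDENTIALS` of each requester, maps the peer's executable to a cookie, and hands back a different cookie per application. It is Linux-only; the policy table, cookie strings, executable path and function names are constructed for illustration.

```python
import os
import socket
import struct

# Hypothetical policy: executable path -> (cookie, privileges). Constructed values.
POLICY = {
    "/usr/bin/example-screenshot": ("cookie-screen", {"read-screen"}),
}
DEFAULT = ("cookie-basic", set())
UCRED = struct.Struct("3i")  # struct ucred: pid, uid, gid


def recv_peer_creds(sock):
    """Read one request; return (pid, uid, gid) as filled in by the kernel."""
    _data, ancdata, _flags, _addr = sock.recvmsg(1, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return UCRED.unpack(cdata[:UCRED.size])
    raise PermissionError("no SCM_CREDENTIALS on request; refusing")


def cookie_for_exe(exe_path):
    """Policy decision: which cookie (and privileges) this executable gets."""
    return POLICY.get(exe_path, DEFAULT)


def serve_one(sock, owner_uid):
    """Answer one request on a socket that has SO_PASSCRED enabled."""
    pid, uid, _gid = recv_peer_creds(sock)
    if uid != owner_uid:
        raise PermissionError("request from another user")
    # Path lookup by pid; the pid can be recycled if the peer exits first.
    exe = os.readlink(f"/proc/{pid}/exe")
    cookie, privs = cookie_for_exe(exe)
    sock.sendall(cookie.encode())
    return pid, exe, privs


def demo():
    """Both ends live in one process via socketpair, so this runs offline."""
    broker, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    broker.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    client.send(b"?")
    pid, exe, privs = serve_one(broker, os.getuid())
    return pid, exe, privs, client.recv(64).decode()
```

The executable path is only as strong an identity as the isolation between processes of the same user: a process that can be traced or preloaded by another same-uid process inherits no real separation from this check.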

XDC2012: Graphics stack security

Posted Sep 28, 2012 19:28 UTC (Fri) by mjthayer (guest, #39183)

> I said that the problem was with the permissions being the same for all apps from a single user.
>
> Putting the cookie in one file and having all apps read it from that file would seem to match my criteria for a problem.

Quite right; in fact my mind was on the track of SETGID or similar applications, but thinking again that is probably not such a great idea in this context.

