XDC2012: Graphics stack security
XDC2012: Graphics stack security
Posted Sep 28, 2012 19:13 UTC (Fri) by dlang (guest, #313)In reply to: XDC2012: Graphics stack security by mjthayer
Parent article: XDC2012: Graphics stack security
putting the cookie in one file and having all apps read it from that file would seem to match my criteria for a problem.
But there's nothing saying that you couldn't have a different cookie for each app, and then give different cookies different permissions.
this wouldn't be a matter of 'user this cookie for screenshots' type of thing, but a matter of 'application X was given cookie Y, application X is a screenshot app, so allow cookie Y to do screenshots'
Assuming apps do something sane and only read this cookie once at startup, you could replace the file they read it from with something that's an interface to an application that can use SCM_CREDENTIALS to find out what app is talking to it, and return different contents to different apps. You can then have that program either give a different cookie to every app, or make whatever policy decisions it wants about what cookies to give to different apps.
Posted Sep 28, 2012 19:28 UTC (Fri)
by mjthayer (guest, #39183)
[Link]
Quite right; in fact my mind was on the track of SETGID or similar applications, but thinking again that is probably not such a great idea in this context.
XDC2012: Graphics stack security
>
> putting the cookie in one file and having all apps read it from that file would seem to match my criteria for a problem.