DRI3000
DRI3000
Posted Feb 12, 2013 18:11 UTC (Tue) by tshow (subscriber, #6411)In reply to: DRI3000 by renox
Parent article: LCA: The X-men speak
So my malicious application requests a window with no decorations and draws its own fake title bar. You have to allow undecorated windows unless you don't want to be able to do things like panels. There's no fixing this without breaking useful functionality.
Posted Feb 12, 2013 21:57 UTC (Tue)
by renox (guest, #23785)
[Link] (2 responses)
Posted Feb 13, 2013 8:15 UTC (Wed)
by ibukanov (subscriber, #3942)
[Link] (1 responses)
It would be a big oversight in the design of wayland if the server could not do that...
Posted Feb 13, 2013 8:42 UTC (Wed)
by renox (guest, #23785)
[Link]
I don't know if this is a big oversight in Wayland's design or not,
Posted Feb 13, 2013 8:09 UTC (Wed)
by ibukanov (subscriber, #3942)
[Link] (5 responses)
One just need to restrict undecorated windows to few trusted applications that are a part of a secure GUI. Done right it would not restrict any useful functionality. For example, a trusted panel still can show status icons and notifications from untrusted applications. And even watching full-screen movies should be possible as window decorations indicating the trust level can appear on any user input.
Posted Feb 13, 2013 10:10 UTC (Wed)
by tnoo (subscriber, #20427)
[Link] (4 responses)
How would this work in a tiling window manager (xmonad, awesome, etc)? These are so great because they don't waste any pixels on useless mostly decorations.
Posted Feb 13, 2013 10:18 UTC (Wed)
by renox (guest, #23785)
[Link]
Posted Feb 13, 2013 10:53 UTC (Wed)
by ibukanov (subscriber, #3942)
[Link] (2 responses)
Some pixels has to be wasted to provide fast visual clues about a trust level. With tiling one can try to color just one edge or a corner of the application in a semi-transparent way to communicate the trust.
Without always present visual clues for passwords one can try to require to press a special trusted key that brings a password-entering GUI that always properly decorate the window. But then one may forget to enter that special key...
Posted Feb 13, 2013 11:42 UTC (Wed)
by tnoo (subscriber, #20427)
[Link] (1 responses)
So, frankly, I don't think that the idea you advocate will be of much use in practice.
Posted Feb 13, 2013 12:37 UTC (Wed)
by renox (guest, #23785)
[Link]
I do, thank you very much. With your reasonment one should remove those visual clues for secure connection? A bad idea.
> So, frankly, I don't think that the idea you advocate will be of much use in practice.
Being useful to those who do these checks is enough to make the feature useful in my opinion.
DRI3000
Either you loose transparent panels or implement some fixed functionality in the compositor (the way the screensaver is implemented in the compositor) or you need a way for the server to be able to distinguish between trusted clients and the other one, I don't know if this is possible..
DRI3000
DRI3000
> It would be a big oversight in the design of wayland if the server could not do that...
but AFAIK this isn't a part of Wayland's design currently: the "clients" which needs privileges(screen capture, screen locker, visual keyboards) are implemented in the server instead.
DRI3000
DRI3000
DRI3000
DRI3000
DRI3000
There are even some people who provide their credentials (for bank or computer accounts) in emails from a "system administrator".
DRI3000