The status of Wayland security

Posted Mar 13, 2014 17:14 UTC (Thu) by dgm (subscriber, #49227)
In reply to: The status of Wayland security by SLi
Parent article: The status of Wayland security

In fact, I believe that for Wayland the best route will be exactly opposite: a screen locker needs no user input at all, it should only put pretty graphics on screen. Let the compositor lock the screen and ask for user input.

The status of Wayland security

Posted Mar 13, 2014 17:58 UTC (Thu) by nybble41 (subscriber, #55106) [Link]

> a screen locker needs no user input at all, it should only put pretty graphics on screen

I suppose that would depend on what you mean by "screen locker". I would define the screen locker as the program responsible for authenticating the user and unlocking the screen. Regardless of whether that task is built into the same binary as the compositor or outsourced to a privileged helper program, the "screen saver" portion could be left to an unprivileged process with no access to user input. There may well be good reason--privilege separate, flexibility, customization--to separate the authentication part from the compositor. That doesn't mean the purely decorative portion of the lock screen stack needs to be similarly privileged.