On Monday, October 1, 2012 15:15:23 Martin Gräßlin wrote: > Am 01.10.2012 14:46, schrieb Aaron J. Seigo: > > the GL texture would be generated and updated by the window manager > > but used b > > other applications (e.g.the desktop shell). how to address such > > textures is > > platform specific (windows, mac, x11, etc) but it is a broadly > > available > > functionality and one _we_ only need to care about on a very select # > > of > > platforms. > > sharing OpenGL textures for the windows is an absolute no-go from the > security point of view in Wayland. See also > http://community.kde.org/KWin/Wayland_Development with some notes about > security I did during XDC.
btw, the untenability of this "restrict all the accesses by pushing it all into the windowmanager because of security" can perhaps be most easily seen with this entry on that page: "Screenshots need to be restricted to KWin. Solution: move KSnapshot to KWin, remove D-Bus interface for Screenshots" and gimp? and krita? and .. (IT help desks with existing software solutions are going to love this, too) try explaining to the owner of a laptop that they can no longer take screenshots except through the Desktop Environment Approved and Mandated user interface. "It's for your own good, security after all..." to which i (as such an owner) would tell that software, as politely as possible, to fuck off because this is my system which i own and will use as i wish. it (and by extension its authors) does not get to mandate to me application choice simply because i choose your window manager. it does not get to override my choices on my hardware because it thinks it knows better than me about my needs. it doesn't. (and conversely, i don't know better about your needs than you do.) the enemy of security is perfection. perfect security is the antithesis of ease of use and so people route around it. usually by picking things that are less secure but do what they want. as an owner of my hardware, however, i would be very happy to confirm that a given application may have access to a given service. i do this all the time on my mobile devices. i do it on my desktop for access to my wallet (though that is woefully insecure as an all-or-nothing access mechanism which the application can actually route around if it tries; this is an implementation defect, however, not an attribute of the concept). instead of trying to control UI choices and make the WM the dictator of how i can use my own property, i'd prefer to see a mechanism by which applications may be specifically blessed to have reasonable access to such services as "taking a snapshot". (i'll completely ignore anything about hardware related hacks as that is not really relevant within the scope of trying to ensure the graphics system doesn't leak privacy, but keeping the possibility of hardware hacks in mind relieves us of the fantasy that this security can ever be utterly impregnable.) -- Aaron J. Seigo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
