Could an API be added so that one client can "give" access to an object to another client? This would allow a single secure client to implement all the rules for what is allowed to be a screen saver, rather than having the rules be in the compositor.

What I thought was something like this:

- "secure" client gets the object id for the screen shooter API

- It can ask the compositor for a "key" to this id. This is a big random-looking number

- It then sends this key (using any method it wants, such as argv to exec) to a client that does not have any more privileges other than being able to connect to the Wayland compositor.

- This client sends the key in a new request to the compositor

- If the key is one it recently generated, the compositor responds with something much like the global registry events, giving the type and id of the same object. Otherwise it responds with an error.

- Client can now use the screen shooter object.

This does not really solve the screen shooter problem, but perhaps moves it somewhere more convenient.

I also think this API would be useful so that a parent client can create a subsurface and then pass it to a child executable to draw into. This appears a lot simpler than the proposed mechanism where the child creates the subsurface.

Speaking from a user pov:

If the user wants to run a screen saver app they downloaded, then when they run it the first time it should pop up a dialog saying "this app wants to be able to take images of the screen" and if the user hits ok it runs. Anything more complicated than that, including anything requiring the screen shooter to be "installed" or giving it setuid, is unacceptable.
_______________________________________________
wayland-devel mailing list
http://lists.freedesktop.org/mailman/listinfo/wayland-devel
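
The key hand-off proposed in the message above, modelled as an added example that is not part of the original post and is not Wayland protocol code. The class and method names, the object id 7, the interface name, the 30-second lifetime and the single-use rule are all assumptions made for illustration.

```python
import secrets
import time

KEY_TTL = 30.0  # assumption: "recently generated" means within 30 seconds


class Compositor:
    """Toy model of the compositor side of the proposed key hand-off."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._objects = {}  # object id -> interface name
        self._grants = {}   # key -> (object id, expiry time)

    def register(self, obj_id, interface):
        self._objects[obj_id] = interface

    def create_key(self, client_is_secure, obj_id):
        # Only the "secure" client may ask for a key to a restricted object.
        if not client_is_secure or obj_id not in self._objects:
            raise PermissionError("client may not delegate this object")
        key = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self._grants[key] = (obj_id, self._clock() + KEY_TTL)
        return key

    def redeem_key(self, key):
        # pop() makes the key single-use (an assumption beyond the post).
        grant = self._grants.pop(key, None)
        if grant is None or self._clock() > grant[1]:
            raise PermissionError("unknown or expired key")
        obj_id = grant[0]
        # Reply like a registry event: id and type of the same object.
        return obj_id, self._objects[obj_id]


def demo():
    comp = Compositor()
    comp.register(7, "screenshooter")       # constructed id and name
    key = comp.create_key(True, 7)          # secure client asks for a key
    granted = comp.redeem_key(key)          # unprivileged client redeems it
    try:
        comp.redeem_key(key)                # replay of the same key
        replay = "accepted"
    except PermissionError:
        replay = "rejected"
    return granted, replay


if __name__ == "__main__":
    print(demo())
```

A key passed through argv can be read by other local processes, so the short lifetime and single-use checks narrow the window in which a leaked key is still redeemable.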