On 07/09/2015 02:19 AM, Jasper St. Pierre wrote:
> Calling sandboxed_surface_manager.get_surface_for_id(); retrieves that surface and deletes the ID from the global namespace.
I thought about having the ID work only once like you propose, but I think this means that a client must be able to create unlimited IDs per object, and thus a malicious one can fill up the server's map from ID to object. The reason more than one ID is needed is so the client can launch more than one subclient and let them both use the same object.
Instead I think there can only be one ID for any object. The client that created the object can get the key once; repeated attempts are either protocol errors or return the same key. A client that uses a key to access the object is in the same state as a client that created the object and has already asked for the key. A client should only be able to use a key once (this is to prevent a client from opening unlimited numbers of interfaces to the object; it would have to open a different Wayland pipe each time and that would probably hit a limit first).
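A small model of the server-side bookkeeping the message above proposes, as an added example that is not part of the original post or of any Wayland code. The class, the method names, the string client identifiers and the choice to return the same key on repeated requests are assumptions made for illustration.

```python
import secrets

class ProtocolError(Exception):
    """Stands in for a protocol error sent to the offending client."""

class Server:
    def __init__(self):
        self.key_of = {}     # object -> key, at most one entry per object
        self.object_of = {}  # key -> object, always the same size as key_of
        self.holders = {}    # object -> clients that created or imported it

    def create(self, client):
        obj = object()
        self.holders[obj] = {client}
        return obj

    def get_key(self, client, obj):
        # Only a client that already holds the object may ask for its key.
        if client not in self.holders.get(obj, ()):
            raise ProtocolError("client does not hold this object")
        # Assumption: repeated requests return the same key (the message also
        # allows a protocol error), so the key map cannot be inflated.
        if obj not in self.key_of:
            key = secrets.token_hex(16)  # unguessable 128-bit key
            self.key_of[obj] = key
            self.object_of[key] = obj
        return self.key_of[obj]

    def use_key(self, client, key):
        obj = self.object_of.get(key)
        if obj is None:
            raise ProtocolError("unknown key")
        # One use per client; assumption: this also covers the creator.
        if client in self.holders[obj]:
            raise ProtocolError("client already holds this object")
        self.holders[obj].add(client)
        return obj

    def disconnect(self, client):
        # Per-client state goes away with the connection.
        for clients in self.holders.values():
            clients.discard(client)

def flood(server, client, obj, n):
    """Ask for a key n times; return (distinct keys, server map size)."""
    keys = {server.get_key(client, obj) for _ in range(n)}
    return len(keys), len(server.object_of)
```

The key map is bounded by the number of objects, and the only state that grows with use is per connection, which is released in `disconnect`.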
