<table><tr><td style="">meven added a comment.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D29407">View Revision</a></tr></table><br /><div><div><blockquote style="border-left: 3px solid #8C98B8;
color: #6B748C;
font-style: italic;
margin: 4px 0 12px 0;
padding: 8px 12px;
background-color: #F8F9FC;">
<div style="font-style: normal;
padding-bottom: 4px;">In <a href="https://phabricator.kde.org/D29407#668061" style="background-color: #e7e7e7;
border-color: #e7e7e7;
border-radius: 3px;
padding: 0 4px;
font-weight: bold;
color: black;text-decoration: none;">D29407#668061</a>, <a href="https://phabricator.kde.org/p/meven/" style="
border-color: #f1f7ff;
color: #19558d;
background-color: #f1f7ff;
border: 1px solid transparent;
border-radius: 3px;
font-weight: bold;
padding: 0 4px;">@meven</a> wrote:</div>
<div style="margin: 0;
padding: 0;
border: 0;
color: rgb(107, 116, 140);"><p>I have been reminded that this solution to have some security rests entirely on the guarantees offered by $XDG_DATA_DIRS.<br />
The same can be said about X-KDE-Wayland-Interfaces.</p>
<p>But currently I believe this does not constitute a strong security model.<br />
A malicious executable could manufacture a fake $XDG_DATA_DIRS, add an application folder in it and a desktop file for its executable, trigger kbuildsycoca5 and then use any of the restricted interfaces.<br />
We would further need to restrict the paths for which we would consider the desktop file, for instance to only root-owned paths.</p></div>
</blockquote>
<p>And if you have any suggestions regarding this.<br />
In relation to this, <tt style="background: #ebebeb; font-size: 13px;">wayland_server.cpp</tt> has an isTrustedOrigin function that checks, using a hash, whether the executable matches the one in <tt style="background: #ebebeb; font-size: 13px;">/proc/&lt;pid&gt;/exe</tt></p></div></div><br /><div><strong>REPOSITORY</strong><div><div>R108 KWin</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D29407">https://phabricator.kde.org/D29407</a></div></div><br /><div><strong>To: </strong>meven, KWin, apol, davidedmundson, bport, zzag<br /><strong>Cc: </strong>ngraham, kwin, Orage, cacarry, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, mkulinski, ragreen, jackyalcine, iodelay, crozbo, bwowk, ZrenBot, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, romangg, jensreuterberg, abetts, sebas, apol, ahiemstra, mart<br /></div>