D22571: Allow blacklisting some wayland interfaces
Fabian Vogt
noreply at phabricator.kde.org
Wed Jul 24 11:27:34 BST 2019
fvogt added a comment.
IMO there should be a clear warning or error message if and why a request was declined.
Currently this would break use of those interfaces from sandboxes and inside containers, others can do whatever they want to anyway (if they were "evil" it's already game-over).
INLINE COMMENTS
> wayland_server.cpp:252
> +
> + if (client->executablePath().isEmpty()) {
> + return false;
Looking at `/proc/pid/*` requires ptrace permissions, which aren't always available and containerization technologies usually block those.
REPOSITORY
R108 KWin
REVISION DETAIL
https://phabricator.kde.org/D22571
To: apol, #plasma, #kwin
Cc: fvogt, zzag, broulik, graesslin, davidedmundson, kwin, LeGast00n, fmonteiro, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, Pitel, iodelay, crozbo, bwowk, ZrenBot, ngraham, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, romangg, jensreuterberg, abetts, sebas, apol, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kwin/attachments/20190724/5fa1592d/attachment.html>
More information about the kwin
mailing list