D29407: ScreenshotEffect: Use Service Property to authorize screenshot without confirmation
Méven Car
noreply at phabricator.kde.org
Fri May 15 15:58:48 BST 2020
meven added a comment.
In D29407#668061 <https://phabricator.kde.org/D29407#668061>, @meven wrote:
> It has been reminded me that this solution to have some security rest entirely on the guarantees offered by $XDG_DATA_DIRS.
> Same can be said about X-KDE-Wayland-Interfaces.
>
> But currently I believe this does not constitutes a strong security model.
> A malicious executable could manufacture a fake $XDG_DATA_DIRS, add an application folder in it and a desktop file for its executable, trigger kbuildsyscoca5 and then use any of the restricted interfaces.
> We would need further to restrict path for which we would consider the desktop file, for instance, like only root owned path.
And if you have any suggestion regarding this.
In relation to this, `wayland_server.cpp` has a isTrustedOrigin function that checks using a hash if the executable matches the own in `/proc/<pid>/exe`
REPOSITORY
R108 KWin
REVISION DETAIL
https://phabricator.kde.org/D29407
To: meven, #kwin, apol, davidedmundson, bport, zzag
Cc: ngraham, kwin, Orage, cacarry, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, mkulinski, ragreen, jackyalcine, iodelay, crozbo, bwowk, ZrenBot, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, romangg, jensreuterberg, abetts, sebas, apol, ahiemstra, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kwin/attachments/20200515/45ffa154/attachment.htm>
More information about the kwin
mailing list