D29407: ScreenshotEffect: Use Service Property to authorize screenshot without confirmation

Méven Car noreply at phabricator.kde.org
Fri May 15 15:58:48 BST 2020


meven added a comment.


  In D29407#668061 <https://phabricator.kde.org/D29407#668061>, @meven wrote:
  
  > I have been reminded that this solution for having some security rests entirely on the guarantees offered by $XDG_DATA_DIRS.
  >  The same can be said about X-KDE-Wayland-Interfaces.
  >
  > But currently I believe this does not constitute a strong security model.
  >  A malicious executable could manufacture a fake $XDG_DATA_DIRS, add an application folder in it and a desktop file for its executable, trigger kbuildsycoca5 and then use any of the restricted interfaces.
  >  We would further need to restrict the paths in which we would consider the desktop file, for instance to only root-owned paths.
  
  
  And if you have any suggestion regarding this.
  In relation to this, `wayland_server.cpp` has an `isTrustedOrigin` function that checks, using a hash, if the executable matches the one in `/proc/<pid>/exe`.

REPOSITORY
  R108 KWin

REVISION DETAIL
  https://phabricator.kde.org/D29407

To: meven, #kwin, apol, davidedmundson, bport, zzag
Cc: ngraham, kwin, Orage, cacarry, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, mkulinski, ragreen, jackyalcine, iodelay, crozbo, bwowk, ZrenBot, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, romangg, jensreuterberg, abetts, sebas, apol, ahiemstra, mart
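
The restriction suggested in the comment above (only consider desktop files under root-owned paths) could be checked as follows. This is an added example, not code from the thread or from KWin; the helper names `componentTrusted` and `isRootControlledDesktopFile` and the default path in `main` are assumptions made for illustration.

```cpp
#include <sys/stat.h>
#include <sys/types.h>
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical helper: policy for one path component. Only root may own it,
// and neither group nor others may write to it (this also rejects /tmp-style
// sticky, world-writable directories).
bool componentTrusted(uid_t owner, mode_t mode)
{
    return owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

// Hypothetical helper: true only if the resolved path is a regular file and
// the file plus every directory up to "/" passes componentTrusted(), so an
// unprivileged process cannot plant or swap the desktop file.
bool isRootControlledDesktopFile(const std::string &path)
{
    char resolved[PATH_MAX];
    if (!realpath(path.c_str(), resolved)) // resolves symlinks; fails if missing
        return false;

    std::string current(resolved);
    struct stat st;
    if (lstat(current.c_str(), &st) != 0 || !S_ISREG(st.st_mode))
        return false;

    while (true) {
        if (lstat(current.c_str(), &st) != 0 || !componentTrusted(st.st_uid, st.st_mode))
            return false;
        if (current == "/")
            return true;
        std::string::size_type slash = current.rfind('/');
        current = (slash == 0) ? "/" : current.substr(0, slash); // step to parent
    }
}

int main(int argc, char **argv)
{
    // Default path is an assumption for illustration; pass another as argv[1].
    const char *p = argc > 1 ? argv[1] : "/usr/share/applications/org.kde.spectacle.desktop";
    std::printf("%s: %s\n", p, isRootControlledDesktopFile(p) ? "trusted" : "rejected");
    return 0;
}
```

A desktop file reached through a manufactured `$XDG_DATA_DIRS` entry in a user-owned directory fails this check at the first component that is not owned by root.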