plasma2 and ToolTipManager
Aaron J. Seigo
aseigo at kde.org
Mon Oct 1 13:51:20 UTC 2012
On Monday, October 1, 2012 15:15:23 Martin Gräßlin wrote:
> On 01.10.2012 14:46, Aaron J. Seigo wrote:
> > the GL texture would be generated and updated by the window manager but
> > used by other applications (e.g. the desktop shell). how to address such
> > textures is platform specific (windows, mac, x11, etc) but it is a broadly
> > available functionality and one _we_ only need to care about on a very
> > select # of platforms.
>
> sharing OpenGL textures for the windows is an absolute no-go from the
> security point of view in Wayland. See also
> http://community.kde.org/KWin/Wayland_Development with some notes about
> security I did during XDC.
btw, the untenability of this "restrict all the accesses by pushing it all
into the windowmanager because of security" can perhaps be most easily seen
with this entry on that page:
"Screenshots need to be restricted to KWin. Solution: move KSnapshot to KWin,
remove D-Bus interface for Screenshots"
and gimp? and krita? and .. (IT help desks with existing software solutions
are going to love this, too)
try explaining to the owner of a laptop that they can no longer take
screenshots except through the Desktop Environment Approved and Mandated user
interface. "It's for your own good, security after all..."
to which i (as such an owner) would tell that software, as politely as
possible, to fuck off because this is my system which i own and will use as i
wish. it (and by extension its authors) does not get to mandate to me
application choice simply because i choose your window manager. it does not
get to override my choices on my hardware because it thinks it knows better
than me about my needs. it doesn't. (and conversely, i don't know better about
your needs than you do.)
the enemy of security is perfection. perfect security is the antithesis of
ease of use and so people route around it. usually by picking things that are
less secure but do what they want.
as an owner of my hardware, however, i would be very happy to confirm that a
given application may have access to a given service. i do this all the time
on my mobile devices. i do it on my desktop for access to my wallet (though
that is woefully insecure as an all-or-nothing access mechanism which the
application can actually route around if it tries; this is an implementation
defect, however, not an attribute of the concept).
instead of trying to control UI choices and make the WM the dictator of how i
can use my own property, i'd prefer to see a mechanism by which applications
may be specifically blessed to have reasonable access to such services as
"taking a snapshot".
(i'll completely ignore anything about hardware related hacks as that is not
really relevant within the scope of trying to ensure the graphics system
doesn't leak privacy, but keeping the possibility of hardware hacks in mind
relieves us of the fantasy that this security can ever be utterly
impregnable.)
--
Aaron J. Seigo