plasma2 and ToolTipManager

Aaron J. Seigo aseigo at kde.org
Mon Oct 1 13:51:20 UTC 2012


On Monday, October 1, 2012 15:15:23 Martin Gräßlin wrote:
> On 01.10.2012 14:46, Aaron J. Seigo wrote:
> > the GL texture would be generated and updated by the window manager
> > but used by other applications (e.g. the desktop shell). how to address
> > such textures is platform specific (windows, mac, x11, etc) but it is a
> > broadly available functionality and one _we_ only need to care about on
> > a very select # of platforms.
> 
> sharing OpenGL textures for the windows is an absolute no-go from the
> security point of view in Wayland. See also
> http://community.kde.org/KWin/Wayland_Development with some notes about
> security I did during XDC.

btw, the untenability of this "restrict all the accesses by pushing it all 
into the windowmanager because of security" can perhaps be most easily seen 
with this entry on that page:

"Screenshots need to be restricted to KWin. Solution: move KSnapshot to KWin, 
remove D-Bus interface for Screenshots"

and gimp? and krita? and .. (IT help desks with existing software solutions 
are going to love this, too)

try explaining to the owner of a laptop that they can no longer take 
screenshots except through the Desktop Environment Approved and Mandated user 
interface. "It's for your own good, security after all..."

to which i (as such an owner) would tell that software, as politely as 
possible, to fuck off because this is my system which i own and will use as i 
wish. it (and by extension its authors) does not get to mandate to me 
application choice simply because i choose your window manager. it does not 
get to override my choices on my hardware because it thinks it knows better 
than me about my needs. it doesn't. (and conversely, i don't know better about 
your needs than you do.)

the enemy of security is perfection. perfect security is the antithesis of 
ease of use and so people route around it. usually by picking things that are 
less secure but do what they want.

as an owner of my hardware, however, i would be very happy to confirm that a 
given application may have access to a given service. i do this all the time 
on my mobile devices. i do it on my desktop for access to my wallet (though 
that is woefully insecure as an all-or-nothing access mechanism which the 
application can actually route around if it tries; this is an implementation 
defect, however, not an attribute of the concept).

instead of trying to control UI choices and make the WM the dictator of how i 
can use my own property, i'd prefer to see a mechanism by which applications 
may be specifically blessed to have reasonable access to such services as 
"taking a snapshot".

(i'll completely ignore anything about hardware related hacks as that is not 
really relevant within the scope of trying to ensure the graphics system 
doesn't leak privacy, but keeping the possibility of hardware hacks in mind 
relieves us of the fantasy that this security can ever be utterly 
impregnable.)

-- 
Aaron J. Seigo