plasma2 and ToolTipManager

Mon Oct 1 23:57:47 UTC 2012

On Mon, Oct 1, 2012 at 11:57 AM, Martin Gräßlin <mgraesslin at kde.org> wrote:
> On Monday 01 October 2012 15:51:20 Aaron J. Seigo wrote:
>> On Monday, October 1, 2012 15:15:23 Martin Gräßlin wrote:
>> > Am 01.10.2012 14:46, schrieb Aaron J. Seigo:
>> > > the GL texture would be generated and updated by the window manager
>> > > but used b
>> > > other applications (e.g.the desktop shell). how to address such
>> > > textures is
>> > > platform specific (windows, mac, x11, etc) but it is a broadly
>> > > available
>> > > functionality and one _we_ only need to care about on a very select #
>> > > of
>> > > platforms.
>> >
>> > sharing OpenGL textures for the windows is an absolute no-go from the
>> > security point of view in Wayland. See also
>> > http://community.kde.org/KWin/Wayland_Development with some notes about
>> > security I did during XDC.
>>
>> btw, the untenability of this "restrict all the accesses by pushing it all
>> into the windowmanager because of security" can perhaps be most easily seen
>> with this entry on that page:
>>
>> "Screenshots need to be restricted to KWin. Solution: move KSnapshot to
>> KWin, remove D-Bus interface for Screenshots"
>>
>> and gimp? and krita? and .. (IT help desks with existing software solutions
>> are going to love this, too)
> Please note that this was a quick note and a quick idea taking during a
> presentation about security on windowing systems.
>
> Why does it not mention krita or gimp? Because I did not think about them. I
> don't use such applications, did not know that they allow taking screenshots
> and only thought of ksnapshot. Later on during the discussion the gimp usecase
> was mentioned and the solution to that is probably having a standardized way
> to ask the compositor for a screenshot.
>
> This interface between applications and compositors would probably require
> from the compositor to ask the user whether he really wants to have the
> screenshot passed to the application: "Krita is requesting a screenshot of
> window foo. Do you agree? (link to userbase explaining the security)"

this sounds oddly similar to Vista/7's "Cancel or Allow", so i can't
help but cringe at the thought of this.

>
> That is something I personally consider as very annoying, but if we want to
> have the security that malware can not take screenshots of the application and
> fake a user interface, we have to go that way.

taking screenshots isn't the only method of faking a UI though. you
see it all the time on the web where *cough* pr0n sites have a
facebook-like chat image, or various malware will make themselves look
like say..windows explorer, or windows defender, or whatever (since
users are pretty easily convinced when they see something familiar
looking).

> It's a solution I consider as sufficient for applications like Krita or gimp,
> but not for something like KSnapshot. There a nag-dialog is extremely stupid
> considering that the user used a global shortcut to trigger the interface.

right, that -would- be annoying ;)

> It just seemed logical to me, that we take that as a service into the
> compositor to simplify the code in both KWin and KSnapshot. If you look at the
> fact that KWin currently contains 300 lines of code just for KSnapshot and
-snip-
> But overall with my current knowledge of the system I would say that it's most
> useful to move KSnapshot into KWin.
>>
>> try explaining to the owner of a laptop that they can no longer take
>> screenshots except through the Desktop Environment Approved and Mandated
>> user interface. "It's for your own good, security after all..."
> note: it might be possible to have a screenshot interface.

i agree with aaron here, i can't help but think of how restrictive
this makes things seem. for example, for many - ksnapshot is pretty
useless. it's great for me because i generally only need to grab a
quick rect of the screen, or all 3 monitors at once(aka fullscreen),
but e.g. other snapshot programs are much more extensive when it comes
to taking vast amounts of screenshots. e.g. automated numbering and
tons of other stuff. there's gnome-screenshot for instance (though i
think that ones basically ksnapshot), screenie-composer and shutter.

shutter is pretty complicated, and i'm not sure how they do it (i'm
sure you know more), but it soudns like this would break entirely and
kwin would become the Only Screenshotter, except i  can probably
guarantee we would never have all of these features exposed. It has
the ability to screenshot a tooltip, cascading menu, which window
(selecting from a dropdown), which VD you want to cap..i believe
there's a Windows app that is more powerful, even.

would this stuff be now broken and useless because of us? how would it
get fixed? kind of afraid of the "oh, well it's broken on kde because
they broke our app". or would they require the Cancel/Allow idea of
yours?

just some more thoughts to toss around ...

-- 
Shaun Reich,
KDE Software Developer (kde.org)