IRC meeting summary
Martin Gräßlin
mgraesslin at kde.org
Mon Sep 24 16:53:23 UTC 2012
On Monday 24 September 2012 12:45:22 Shaun Reich wrote:
> Could you please elaborate on what you mean by security issues?
X11 is extremely insecure, e.g.
* each window can eavesdrop on the input to other windows
* each window can get the pixmap of other windows
* each window can get the position and stacking position of other windows
This can easily be used to attack the system's security. E.g. at XDC last week
a possible attack was described by rendering a window on top of the Firefox
location bar and by that faking that you are really on your bank account.
Many of these issues are gone with the switch to Wayland, but KWin and Plasma
add backdoors again. E.g. KWin provides a D-Bus interface to generate
screenshots of any window.
There are many more such issues and we have to be very careful to not break
the security here. This is actually quite a change given that X11 has been so
insecure that whatever we did, it could not create harm. Now we have to
consider this (I'm rather glad that I had a rather good security education).
Cheers
Martin