On Tue, 2010-11-09 at 16:59 -0500, Matthew Miller wrote: > On Tue, Nov 09, 2010 at 04:35:33PM -0500, Adam Jackson wrote: > > What kind of attack are you trying to prevent, and how do you envision > > that interacting with the window system? > > The classic is a hostile remote binary which secretly maps a full-screen > transparent window and captures everything you do in your other windows. It's a little tough to do that in wayland, period. In general apps don't get to know (or control) their screen position or the stacking order. That's the compositor's decision. Likewise (I think) for input event delivery, although I'm not as familiar with that bit. Still: that'd be a definition detail for whatever the remoting protocol ends up being. Things like RDP simply do not let you remote invisible input capture surfaces, it's just not there. It's hard though, because wayland surfaces can have an alpha channel, and the only way to look at a surface and know it's transparent is to inspect every fourth byte... bit expensive that. But you might like to be able to remote windows the size of the screen for the x-terminal kind of use case, but still want to be able to cut/paste between remote and local apps... so you need some IPC, but you probably don't want full input thunking. Not intractable, just subtle. - ajax
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
