XWayland Initial Window Positioning Merged For Wayland's Weston


  • #11
    Originally posted by emblemparade
    Guys, this applies only to Weston, not to Wayland in general. Every compositor needs to implement this on their own. So, if you're using GNOME, Mutter should be handling this.

    Weston is important as a reference compositor for Wayland: a place to test out Wayland features and ideas. These days, Weston is mostly run inside a window to test things. Also, Weston might be a useful compositor for tiny implementations in the embedded industry.
    Sounds like you are saying that, even apart from this not being a "compositing" functionality per se, Mutter, for example, doesn't use libweston very much?



    • #12
      Originally posted by emblemparade
      Also, Weston might be a useful compositor for tiny implementations in the embedded industry.
      And after all, devices like that would never be prone to security vulnerabilities. There's no way your video camera, for example, could become part of a botnet that could be used to DDoS the internet, so it's unlikely anyone could exploit a backdoor in your in-car infotainment system and do anything nefarious, and interactive applications would never ask for your Facebook password anyway.



      • #13
        Originally posted by bregma
        it's unlikely anyone could exploit a backdoor in your in-car infotainment system and do anything nefarious
        That depends on the car infotainment system being used. Ideally it wouldn't be able to mess with the rest of the car but increasingly often they are putting things that manage actual car functions into these systems. Added to that is that the entire industry doesn't know how to program securely because they have never had to in the past and you've got an interesting case for things going terribly wrong.

        interactive applications would never ask for your Facebook password anyway.
        Unless they integrate a Facebook login for some feature like a settings or data sync.



        • #14
          Originally posted by bregma
          And after all, devices like that would never be prone to security vulnerabilities. There's no way your video camera, for example, could become part of a botnet that could be used to DDoS the internet, so it's unlikely anyone could exploit a backdoor in your in-car infotainment system and do anything nefarious, and interactive applications would never ask for your Facebook password anyway.
          Another great trollpost here too. Again same tactic as before. Embedded security issues come from the industry not giving a shit on average, so you can basically set up servers to auto-pwn any specific device that connects to the internet once you found how to pwn one of the same product line.

          Weston not being designed for max security is again irrelevant in this current situation.



          • #15
            Originally posted by SpyroRyder

            That depends on the car infotainment system being used. Ideally it wouldn't be able to mess with the rest of the car but increasingly often they are putting things that manage actual car functions into these systems. Added to that is that the entire industry doesn't know how to program securely because they have never had to in the past and you've got an interesting case for things going terribly wrong.
            Sure. That's why embedding known security flaws into reference implementations is a bad idea. People actually use those reference implementations in shipped software, usually under low-margin conditions where ongoing support is not anticipated -- exactly the situation that has led to serious exploits in the past.
            Unless they integrate a Facebook login for some feature like a settings or data sync.
            Yeah, I get frustrated that sarcasm does not work on the internet. Slapping up a dialog box that looks like an actual password entry window is in fact a frequent and successful way to steal credentials, and the stolen credentials are not usually the system administrator’s password (although many times it also happens to be because most people do not engage in extreme password hygiene and re-use passwords). There are plenty of assets to exploit beyond gaining root on a single device.

            The fact is people *will* have non-administrator password entry dialogs on connected devices, consumers don't check for the obscure hints that it's not legit, and if this Weston server is used complete with its known-exploitable security flaws in such a device, well, all your base are belong to us now.

            The internet is a harsh place filled with predators. Production-quality display servers like Kwin, Mutter, and Mir do not support this particular exploit by design. The Wayland protocol does not even support this directly. I think it's a mistake to add a known exploited flaw to the reference display server implementation that is a part of the Wayland project, because it will surface in the wild and bring an undeserved bad name to the Wayland project as a whole.

