Announcement

Collapse
No announcement yet.

GNOME's Mutter Adds Support For Launching "Trusted Clients" On Wayland

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • GNOME's Mutter Adds Support For Launching "Trusted Clients" On Wayland

    Phoronix: GNOME's Mutter Adds Support For Launching "Trusted Clients" On Wayland

    Merged to GNOME's Mutter compositor is an API for Wayland to allow the launching of trusted clients...

    http://www.phoronix.com/scan.php?pag...-Wayland-Trust

  • #2
    Great stuff. An extensions dev now doing upstream work.

    Comment


    • #3
      Trusted by whom?

      Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
      Or this for the system to be trusted by the application developer to keep me away?

      Is this to prevent me from taking screenshots or doing video capture?

      Comment


      • #4
        Originally posted by uid313 View Post
        Trusted by whom?

        Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
        Or this for the system to be trusted by the application developer to keep me away?

        Is this to prevent me from taking screenshots or doing video capture?
        It's to implement what the Wayland protocol designers promised way back in the beginning... that cross-desktop protocols for things like screenshot tools would be re-created in the Wayland world by having a method where the risky APIs were only exposed to applications you granted permission to.

        ...sure took them their sweet time.

        Comment


        • #5
          Originally posted by 144Hz View Post
          Great stuff. An extensions dev now doing upstream work.
          It really is. See, I use this other desktop software -- I don't believe I gotta mention its name -- I can help feeling a little envious when I'm reading certain GNOME news these days.

          I see GNOME is into the whole child labor thing too

          Comment


          • #6
            Originally posted by uid313 View Post
            Trusted by whom?

            Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
            Or this for the system to be trusted by the application developer to keep me away?

            Is this to prevent me from taking screenshots or doing video capture?
            This allows to create extensions that launch a child process, and when that process creates a window, the extension can confirm in a secure way that the window really belongs to that process launched by it,
            Ownership verification. To see if it trusts itself.

            To allow you to take screenshots and doing video capture

            Here's what Michael left out:

            Several examples of the usefulness of this are that, with it, it is possible to write programs that implements:

            - desktop icons
            - a dock
            - a top or bottom bar
            ...

            all in a secure manner, avoiding insecure programs to do the same. In fact, even if the same code is launched manually, it won't have those privileges, only the specific process launched from inside mutter.

            Comment


            • #7
              Originally posted by uid313 View Post
              Trusted by whom?

              Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
              Or this for the system to be trusted by the application developer to keep me away?

              Is this to prevent me from taking screenshots or doing video capture?
              Taking screenshots or video capture is still use the pipewire and the dbus screencast interface. This Trusted Clients does not change this in fact Trusted Client if it wanted to screenshot or video capture they have to use the same thing as this interface does not in fact give access to compositor output.

              This is to allow desktop icons, docker... and so on to be moved out to individual applications outside the main compositor. Of course done this way some random not approved program cannot go and replace the desktop icons, docker... Core wayland really restricts what kind of windows applications can request. This gives trusted applications extra types of windows they can request over and above the base protocol of wayland.

              If trusted method does take off between compositors could make those who want to mix and match docker from one solution with the wayland compositor from another and so on happier.

              This could be party that libinput telling about lag forces this to be address as well to get stuff out the main compositor loop and into sub programs.

              Comment


              • #8
                Originally posted by uid313 View Post
                Trusted by whom?

                Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
                Or this for the system to be trusted by the application developer to keep me away?

                Is this to prevent me from taking screenshots or doing video capture?
                Really good questions.

                I wanted to ask the same for the first question!

                It wouldn't surprise me at all if we see some crap from Canonical like something wrapped in Snap trusted by default.

                Or some internet giants like Netflix does their own app which will be trusted and you, as the user will be untrusted, even though you're the owner of the computer.

                I would metaphorically throw my computer out of the window if I'm recording my desktop for some tutorial to show others how to to something and all of a sudden a trusted app opens up and breaks that.

                While the computer will be out only metaphorically, the desktop environment who allows this will go to trash bin immediately.

                No program on my computer does the "My way or the highway with me" !

                In any case high level security on the Linux desktop is nothing more than a complete joke.

                Every program is pretty much allowed to do anything, no boundaries, no limits, no permission asking.

                I had to put a tape on the webcam because there absolutely nothing to protect my privacy from the programs who want to access it without my permissions.

                This "trust everything" is defnitely good, but also making programs trusted by anyone other than the user of the computer.

                Comment


                • #9
                  Originally posted by Danny3 View Post

                  Every program is pretty much allowed to do anything, no boundaries, no limits, no permission asking.

                  I had to put a tape on the webcam because there absolutely nothing to protect my privacy from the programs who want to access it without my permissions.
                  There's a config option in Gnome and according to its description you can dissallow applications to use the camera. On the other front the 'high level security' means nothing. You can set whatever you want, but you still have to put a tape on your camera when using Windows.

                  Comment


                  • #10
                    I didn't understand a thing in the article but all this talking about child windows makes me wonder if there's a case for updating the COC regarding the use of the "child" wording

                    Comment

                    Working...
                    X