Announcement

Collapse
No announcement yet.

GNOME's Mutter Adds Support For Launching "Trusted Clients" On Wayland

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
    Mani
    Phoronix Member

  • Mani
    replied
    I still don’t get in which regard this is a better approach than wlroots‘ layer-shell protocol

    Leave a comment:

  • tildearrow
    Senior Member

  • tildearrow
    replied
    Originally posted by uid313 View Post
    Trusted by whom?

    Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
    Or this for the system to be trusted by the application developer to keep me away?

    Is this to prevent me from taking screenshots or doing video capture?
    Trusted by them to keep you away.

    ​​​​​​No, it is not to prevent screenshots or svreen recording. Ugh uid why do you

    Leave a comment:

  • Alexmitter
    Senior Member

  • Alexmitter
    replied
    It is surprising how little people here seem to actually read the article.
    Wayland is very specific on how windows can controls their size, shape and position(also top or bottom position layers), they can't. They have to talk with the compositor and he will control that for the application. This MR is just the mechanism on how this should be handled in Gnome. A Trusted task is a task that has the ability to request to be on bottom and may act as desktop icons or be on top and may work like a dock.

    Leave a comment:

  • kpedersen
    Senior Member

  • kpedersen
    replied
    Originally posted by frank007
    I think the time for a much better and completely free GUI libs is passed. We all are now slave to the gtk+/- libs.
    Not at all. You choose to use Wayland.

    Remember, Wayland is just a protocol (so useless on its own). So you in effect have tied yourself down to Gnome3/Wayland. So it is hardly a surprise you are now a "slave to Gtk+". It is like saying that you want to use "Modern" Win32. You will be a slave to Metro.

    In short... Don't choose incorrectly and you will be fine

    Leave a comment:

  • starshipeleven
    Premium Supporter

  • starshipeleven
    replied
    Originally posted by horizonbrave View Post
    I didn't understand a thing in the article but all this talking about child windows makes me wonder if there's a case for updating the COC regarding the use of the "child" wording


    That said, I wouldn't mind if someone changed the OOM killer of Linux kernel to stop saying things like "sacrifice child"
    Code:
    Out of memory: Kill process 7429 (java) score 259 or sacrifice child

    Leave a comment:

  • ssokolow
    Senior Member

  • ssokolow
    replied
    Originally posted by Danny3 View Post
    It wouldn't surprise me at all if we see some crap from Canonical like something wrapped in Snap trusted by default.
    Doubtful. That would ruin the whole point of this model of trust because "snap = trusted" would take you right back to the X11 days of "arbitrary applications doing arbitrary things they're not supposed to".

    Originally posted by Danny3 View Post
    I would metaphorically throw my computer out of the window if I'm recording my desktop for some tutorial to show others how to to something and all of a sudden a trusted app opens up and breaks that.
    Again, wrong model. This is about "Unless the compositor launches it in a trusted context, it can't do these things". Think of it as more analogous to the "Run as Administrator" context menu entry on Windows, but without the API for an application to request privilege escalation of its own volition.

    Originally posted by Danny3 View Post
    No program on my computer does the "My way or the highway with me" !
    The whole point of this is to force your will on applications more thoroughly, by ensuring that all kinds of applications are implementable under a "no permissions not explicitly granted by the user" model.

    Why are there so many things that still can't be implemented on Wayland, like xdotool? Because Wayland compositor developers have taken the stance that, until they've written a new API that keeps the user in control, users who need those programs can stay on X11.

    Leave a comment:

  • rastersoft
    Senior Member

  • rastersoft
    replied
    Originally posted by uid313 View Post
    Trusted by whom?

    Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
    Or this for the system to be trusted by the application developer to keep me away?

    Is this to prevent me from taking screenshots or doing video capture?
    This patch allows to give specific window privileges (like painting the desktop icons, creating docks, or building desktop bars) only to those applications specifically allowed by the user. This is: if the user wants to have icons in the desktop and installs an specific program for that, only THAT program chosen by the user will be allowed to paint the icons (which is an operation that only should be allowed to be done by code trusted by the user) but no others programs, thus ensuring that if, for any reason, there is also a malicious program that tries to fake a desktop and cheat the user, it can't.

    Currently only Gnome Shell extensions have those window privileges.

    I hope this explains better what this patch is about.

    Leave a comment:

  • horizonbrave
    Senior Member

  • horizonbrave
    replied
    I didn't understand a thing in the article but all this talking about child windows makes me wonder if there's a case for updating the COC regarding the use of the "child" wording

    Leave a comment:

  • Volta
    Senior Member

  • Volta
    replied
    Originally posted by Danny3 View Post

    Every program is pretty much allowed to do anything, no boundaries, no limits, no permission asking.

    I had to put a tape on the webcam because there absolutely nothing to protect my privacy from the programs who want to access it without my permissions.
    There's a config option in Gnome and according to its description you can dissallow applications to use the camera. On the other front the 'high level security' means nothing. You can set whatever you want, but you still have to put a tape on your camera when using Windows.

    Leave a comment:

  • Danny3
    Senior Member

  • Danny3
    replied
    Originally posted by uid313 View Post
    Trusted by whom?

    Is this for applications to be trusted by me that they are secure and don't betray me and protect me and my system?
    Or this for the system to be trusted by the application developer to keep me away?

    Is this to prevent me from taking screenshots or doing video capture?
    Really good questions.

    I wanted to ask the same for the first question!

    It wouldn't surprise me at all if we see some crap from Canonical like something wrapped in Snap trusted by default.

    Or some internet giants like Netflix does their own app which will be trusted and you, as the user will be untrusted, even though you're the owner of the computer.

    I would metaphorically throw my computer out of the window if I'm recording my desktop for some tutorial to show others how to to something and all of a sudden a trusted app opens up and breaks that.

    While the computer will be out only metaphorically, the desktop environment who allows this will go to trash bin immediately.

    No program on my computer does the "My way or the highway with me" !

    In any case high level security on the Linux desktop is nothing more than a complete joke.

    Every program is pretty much allowed to do anything, no boundaries, no limits, no permission asking.

    I had to put a tape on the webcam because there absolutely nothing to protect my privacy from the programs who want to access it without my permissions.

    This "trust everything" is defnitely good, but also making programs trusted by anyone other than the user of the computer.

    Leave a comment:

Working...
X