LibWSM: Wayland Security Modules For Better Wayland Security
When X.Org Foundation board member Martin Peres isn't busy hacking on the Nouveau open-source NVIDIA driver, he's often focusing on software security related work through his studies. One of his recent endeavors in trying to improve Linux security is working on a library for Wayland Security Modules (libWSM) to support security decision making on Wayland-based graphic stacks.
Martin Peres, who was also the organizer of this year's X.Org Developers' Conference (XDC2014 Bordeaux), presented his libWSM work that was done along with Steve Dodier-Lazaro. Here's how they describe libWSM: "a framework that supports security decision making on Wayland-based graphic stacks. It implements methods for expressing security decisions on privileged interfaces and an interface for security engineers to write backends. It is shipped with a default backend that allows per-user and per-application security policies. Those policies can be extended without limits to support per-compositor decisions, compositor-specific capabilities and even custom security decisions."
Some other security related updates made in recent time for the open-source Linux graphics stack include Intel figuring out per-process virtual address space support (the Nouveau and Radeon drivers already have such support), DRI3 uses DMA-BUF for buffer passing, and Wayland/Weston continue to be designed with security min mind -- compared to the X11 protocol that's unsecure by design.
Those wanting to learn more about the Wayland security work done by Martin Peres can read his XDC2014 PDF slides and find code to libWSM at GitHub.
Martin Peres, who was also the organizer of this year's X.Org Developers' Conference (XDC2014 Bordeaux), presented his libWSM work that was done along with Steve Dodier-Lazaro. Here's how they describe libWSM: "a framework that supports security decision making on Wayland-based graphic stacks. It implements methods for expressing security decisions on privileged interfaces and an interface for security engineers to write backends. It is shipped with a default backend that allows per-user and per-application security policies. Those policies can be extended without limits to support per-compositor decisions, compositor-specific capabilities and even custom security decisions."
Some other security related updates made in recent time for the open-source Linux graphics stack include Intel figuring out per-process virtual address space support (the Nouveau and Radeon drivers already have such support), DRI3 uses DMA-BUF for buffer passing, and Wayland/Weston continue to be designed with security min mind -- compared to the X11 protocol that's unsecure by design.
Those wanting to learn more about the Wayland security work done by Martin Peres can read his XDC2014 PDF slides and find code to libWSM at GitHub.
29 Comments