Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Screencopy security #5118

Closed
ya-isakov opened this issue Mar 17, 2020 · 10 comments
Closed

Screencopy security #5118

ya-isakov opened this issue Mar 17, 2020 · 10 comments

Comments

@ya-isakov
Copy link

Hello! I've realized that sway is breaking part of security model of Wayland, where other applications cannot see each other's windows. Sway is using screencopy manager from wlr, which allows any application, supporting screencopy protocol, to capture any part of the screen.
So, is it possible to allow user to restrict screencopy? Preferably with some dialog window, asking user's permission.
@emersion
Copy link
Member

Duplicate of #2333

@emersion emersion marked this as a duplicate of #2333 Mar 17, 2020
@ya-isakov
Copy link
Author

So, the idea is to run xdg-desktop-portal-wlr and grim from sway itself, via exec, right?

@emersion
Copy link
Member

xdg-desktop-portal-wlr is unrelated to our plans for security.

@ya-isakov
Copy link
Author

I mean, it's also a user of screencopy protocol, and if the proposed security will be in place, xdg-desktop-portal-wlr will not be able to access screencopy manager, if I understand correctly - only if it will be run from sway's exec.

@emersion
Copy link
Member

It's not yet clear how security will be implemented. We'll see.

@ya-isakov
Copy link
Author

Got it. Is there a way to completely disable screencopy/dma-buf, for now?

@emersion
Copy link
Member

emersion commented Mar 17, 2020
edited
Loading

I've been wondering about this. I think it would make sense to implement something like this in our config file. A rogue client that has write access to the config can do bad stuff anyway, like appending commands to ~/.profile.

@emersion
Copy link
Member

@ddevault has NACKed a config file command to change this, he wants to wait for the broader Wayland security story to be fixed before. A build option could be added instead.

@ddevault
Copy link
Contributor

To elaborate, I don't want to add new commands or config options or some similar such before we know how security as a whole is going to play out, because we'll have to support them forever and it's unlikely that we'd come up with a solution now that doesn't end up being inconsistent with our later work.

Build option to disable screencopy et al would be a great interim fix, though.

@ya-isakov
Copy link
Author

ya-isakov commented Mar 17, 2020
edited
Loading

I've applied custom patch, for now:

--- a/sway/server.c	2020-03-17 13:43:58.869424727 +0100
+++ b/sway/server.c	2020-03-17 13:44:10.268180142 +0100
@@ -132,8 +132,8 @@
 	wl_signal_add(&server->output_manager_v1->events.test,
 		&server->output_manager_test);
 
-	wlr_export_dmabuf_manager_v1_create(server->wl_display);
-	wlr_screencopy_manager_v1_create(server->wl_display);
+	//wlr_export_dmabuf_manager_v1_create(server->wl_display);
+	//wlr_screencopy_manager_v1_create(server->wl_display);
 	wlr_data_control_manager_v1_create(server->wl_display);
 	wlr_primary_selection_v1_device_manager_create(server->wl_display);

And yeah, build option would much better, as it will be more future-proof

@emersion emersion mentioned this issue Jul 16, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ya-isakov @emersion @ddevault