Request for comments on security of authentication/authorisation UIs
Steve Dodier-Lazaro
sidnioulz at gmail.com
Wed Mar 26 23:39:30 CET 2014
Hi Alistair,
I'm quite aware that the core Xfce apps (panels, desktop, etc.) don't run
on Wayland and so I'm not really questioning the development agenda of Xfce
and whether there is any interest in switching over to Wayland -- that's a
bit off topic.
By "the XFCE way of doing things" I mean the emphasis on flexibility, as
XFCE is quite specific about ensuring that each and every of its core
components can be used standalone. Given that (and setting aside all the
compositor/libwnck issues), do core XFCE devs agree with Martin and I that
there should be some form of restriction to interfaces like using video and
audio devices, impersonating input devices, capturing other windows'
content, etc?
If they do, how would they get around doing that on a XFCE ecosystem? Would
they want a LSM to take care of that completely independently of the DE, or
would they write their own UI for managing privileged clients and a daemon
in charge of distributing permissions? I think my questions are more in
those lines.
Thanks,
2014-03-26 20:56 GMT+00:00 Alistair Buxton <a.j.buxton at gmail.com>:
> Hi,
>
> Xfce is fundamentally incompatible with Wayland due to the restrictive
> nature of the API. This means none of the Xfce shell can function
> inside any Wayland compositor without being completely rewritten.
> Specifically this is because there is no way to make libwnck function
> inside any Wayland compositor and no way for Wayland clients to manage
> windows (either their own or others). As such the question of how
> authorization dialogs function is completely irrelevant at this time.
> I don't really understand what you are even asking when you say "what
> would fit within the XFCE way of doing things?" - the answer is
> currently "anything that involves Wayland will not fit."
>
> On 26 March 2014 14:29, Steve Dodier-Lazaro <sidnioulz at gmail.com> wrote:
> > Hello,
> >
> > Currently on the Wayland ML, a bunch of devs are discussing security
> issues
> > [0,1] and the need to restrict userland processes' privileges to e.g.,
> take
> > screenshots, act as virtual keyboards or read keyboard events for other
> > apps, etc (basically introducing privileged interfaces that require
> explicit
> > user authorisation). We've also been discussing how the introduction of
> > Wayland allows for redesigning and securing authentication and
> authorisation
> > UIs.
> >
> > This has led me to question the way authorisation and authentication are
> > currently done, and to write a couple of proposed requirements for both
> > tasks. I'd be very keen on hearing the opinions of various DE developers
> > (including of course XFCE :) ) on a blog post I've written [2], that
> focuses
> > a lot on the infrastructure needs (both in Wayland and desktop
> > environments). I'd also like to debate UX aspects of authorisation and
> > authentication UIs. In XFCE so far we haven't had any need for
> authorisation
> > UIs, and been pretty much using polkit for any auth need as far as I can
> > tell. Given the proposals I made (which really are ideas that need
> > experimentation and refinement), what would fit within the XFCE way of
> doing
> > things? How would you guys implement auth{orisation,entication} dialogs
> in
> > XFCE if you had to do it? Can you spot any missing technical
> requirements in
> > the post? Anything you disagree with and want me to review?
> >
> > Thanks,
> >
> > [0]
> >
> http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html
> > [1]
> >
> http://mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/
> > [2] http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/
> > --
> > Steve Dodier-Lazaro
> > PhD Student in Information Security
> > University College London
> > Free Software Developer
> > OpenPGP : 1B6B1670
> >
> > _______________________________________________
> > Xfce4-dev mailing list
> > Xfce4-dev at xfce.org
> > https://mail.xfce.org/mailman/listinfo/xfce4-dev
>
>
>
> --
> Alistair Buxton
> a.j.buxton at gmail.com
> _______________________________________________
> Xfce4-dev mailing list
> Xfce4-dev at xfce.org
> https://mail.xfce.org/mailman/listinfo/xfce4-dev
>
--
Steve Dodier-Lazaro
PhD Student in Information Security
University College London
Free Software Developer
OpenPGP : 1B6B1670
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.xfce.org/pipermail/xfce4-dev/attachments/20140326/aa53c4c6/attachment.html>
More information about the Xfce4-dev
mailing list