There's no code I can show you that would be any more convincing than just looking at the code to the X server and then looking at the code to any wayland implementation. There's not anything particularly special about…
I was familiar with that documentation around 10 years ago, please stop making these assumptions and please stop dismissing what I have to say. The documentation is irrelevant, I'm talking about the server source code.…
As someone who has done both, I respectfully disagree.
It's not wrong, it's not FUD, and that doesn't change anything. The only working plugin is the SELinux one. If you can't use that, you have to rebuild an entire new security architecture... which is what they had to do…
There isn't really much difference. It's about the same amount of work either way to ship an extension. In Wayland, you make the extension, then you patch every compositor, every toolkit and every application. In X11,…
XACE doesn't solve it. As mentioned elsewhere, that's dependent on SELinux. The idea with Wayland is to make things more secure everywhere, and not just on systems that have a particular LSM.
I completely disagree with everything in your comment. Wayland is an attempt by some developers to fix some longstanding issues with X11. They know what the new issues are and there is active work being done in preserve…
Dbus won't allow it because you have to switch to that user before it lets you connect. You would have to have whatever is doing the access running as root and then change its user. There's not really any magic here,…
I'm sorry about the throwaway, it's a long story. You're crossing a security boundary trying to access other users' GUI programs. The session bus is for programs that are private to the user's session. Accessing that is…
Yes it can, why wouldn't it? You can make a program that connects to more than one bus. Though that would probably be crossing a security boundary. The simple way to make multi-user services is to just deploy them on…
You just kill the process, which causes the file descriptor to close. Cancelling the inhibitor lock by other means wouldn't do much, there's no way to get out of that situation without forcibly shutting the process down…
Dbus is mostly just a message queue for Unix sockets. Think Kafka or SQS but only for local services.
>a protocol prescribes exactly the intersection of all implementations. That's a better way to put it and that's more what I was getting at.
I hope someone comes along to review those, but I don't see there being much interest in it.
Everything you're saying is... mostly what's been happening? It's not impossible to have consensus. You're missing my point which is that people were trying various solutions since 2008, and there just wasn't any…
There's plenty of ways to securely multiplex Ethernet devices. You don't give your web server read access to all TCP ports being used by other services for example. You only let it open the HTTP ports. There are of…
I mean, no, it's not the fault of Weston developers that other implementors decided do their own thing. I asked this before but what could they have done? Putting tons and tons of things in the spec wouldn't really have…
The usual place those permission dialogs have gone is the flatpak portal, which is separate from Wayland. Someone would have to implement it there.
Any implementor always has permission to do their own thing, that's the point of making a second implementation. Putting something in a spec somewhere doesn't make it mandatory or guarantee it will be implemented. They…
I don't see how I am, and I don't understand your point. The reference implementation had screenshots. The other implementors decided not to copy that and did their own thing. What more could the Weston developers have…
You misunderstand, it was only Weston that was started in 2008, and it had screenshots back then. I'm talking about those other implementations, they didn't really stabilize and start aiming to have feature parity until…
Most developer activity related to Linux graphics is in dri-devel, it's been like this for quite a while. The X development channels have been mostly dead outside of discussion of XWayland. I doubt you'll see anyone…
These aren't excuses, there are no other parties at play here. Weston was the first implementation. GNOME and KDE were the next implementations. They could have chosen to copy Weston's implementation, thus making those…
That's one way to do it, it's probably not the best way but it would work if you were planning to sidestep Wayland security completely. You could make it user controllable with dbus and then make a GUI to talk to it.
That seems like the reverse of the way it's always been on Linux, where there are only developers and no users...
There's no code I can show you that would be any more convincing than just looking at the code to the X server and then looking at the code to any wayland implementation. There's not anything particularly special about…
I was familiar with that documentation around 10 years ago, please stop making these assumptions and please stop dismissing what I have to say. The documentation is irrelevant, I'm talking about the server source code.…
As someone who has done both, I respectfully disagree.
It's not wrong, it's not FUD, and that doesn't change anything. The only working plugin is the SELinux one. If you can't use that, you have to rebuild an entire new security architecture... which is what they had to do…
There isn't really much difference. It's about the same amount of work either way to ship an extension. In Wayland, you make the extension, then you patch every compositor, every toolkit and every application. In X11,…
XACE doesn't solve it. As mentioned elsewhere, that's dependent on SELinux. The idea with Wayland is to make things more secure everywhere, and not just on systems that have a particular LSM.
I completely disagree with everything in your comment. Wayland is an attempt by some developers to fix some longstanding issues with X11. They know what the new issues are and there is active work being done in preserve…
Dbus won't allow it because you have to switch to that user before it lets you connect. You would have to have whatever is doing the access running as root and then change its user. There's not really any magic here,…
I'm sorry about the throwaway, it's a long story. You're crossing a security boundary trying to access other users' GUI programs. The session bus is for programs that are private to the user's session. Accessing that is…
Yes it can, why wouldn't it? You can make a program that connects to more than one bus. Though that would probably be crossing a security boundary. The simple way to make multi-user services is to just deploy them on…
You just kill the process, which causes the file descriptor to close. Cancelling the inhibitor lock by other means wouldn't do much, there's no way to get out of that situation without forcibly shutting the process down…
Dbus is mostly just a message queue for Unix sockets. Think Kafka or SQS but only for local services.
>a protocol prescribes exactly the intersection of all implementations. That's a better way to put it and that's more what I was getting at.
I hope someone comes along to review those, but I don't see there being much interest in it.
Everything you're saying is... mostly what's been happening? It's not impossible to have consensus. You're missing my point which is that people were trying various solutions since 2008, and there just wasn't any…
There's plenty of ways to securely multiplex Ethernet devices. You don't give your web server read access to all TCP ports being used by other services for example. You only let it open the HTTP ports. There are of…
I mean, no, it's not the fault of Weston developers that other implementors decided do their own thing. I asked this before but what could they have done? Putting tons and tons of things in the spec wouldn't really have…
The usual place those permission dialogs have gone is the flatpak portal, which is separate from Wayland. Someone would have to implement it there.
Any implementor always has permission to do their own thing, that's the point of making a second implementation. Putting something in a spec somewhere doesn't make it mandatory or guarantee it will be implemented. They…
I don't see how I am, and I don't understand your point. The reference implementation had screenshots. The other implementors decided not to copy that and did their own thing. What more could the Weston developers have…
You misunderstand, it was only Weston that was started in 2008, and it had screenshots back then. I'm talking about those other implementations, they didn't really stabilize and start aiming to have feature parity until…
Most developer activity related to Linux graphics is in dri-devel, it's been like this for quite a while. The X development channels have been mostly dead outside of discussion of XWayland. I doubt you'll see anyone…
These aren't excuses, there are no other parties at play here. Weston was the first implementation. GNOME and KDE were the next implementations. They could have chosen to copy Weston's implementation, thus making those…
That's one way to do it, it's probably not the best way but it would work if you were planning to sidestep Wayland security completely. You could make it user controllable with dbus and then make a GUI to talk to it.
That seems like the reverse of the way it's always been on Linux, where there are only developers and no users...