From kde-panel-devel Mon Sep 24 16:53:23 2012 From: Martin =?ISO-8859-1?Q?Gr=E4=DFlin?= Date: Mon, 24 Sep 2012 16:53:23 +0000 To: kde-panel-devel Subject: Re: Re: IRC meeting summary Message-Id: <1403606.Odluq4zXFJ () martin-desktop> X-MARC-Message: https://marc.info/?l=kde-panel-devel&m=134850561129145 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--===============4425098383204035464==" --===============4425098383204035464== Content-Type: multipart/signed; boundary="nextPart1887587.pCZnYQ63to"; micalg="pgp-sha1"; protocol="application/pgp-signature" Content-Transfer-Encoding: 7Bit --nextPart1887587.pCZnYQ63to Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" On Monday 24 September 2012 12:45:22 Shaun Reich wrote: > Could you please elaborate on what you mean by security issues? X11 is extremely insecure, e.g. * each window can eavesdrop the input to other windows * each window can get the pixmap of other windows * each window can get the position and stacking position of other windows This can easily be used to attack the systems security. E.g. at XDC last week a possible attack was described by rendering a window on top of the Firefox location bar and by that faking that you are really on your bank account. Many of these issues are gone with the switch to wayland, but KWin and Plasma add backdoors again. E.g. KWin provides a D-Bus interface to generate screenshots of any window. There are many more such issues and we have to be very careful to not break the security here. This is actually quite a change given that X11 has been so insecure that whatever we did, it could not create harm. Now we have to consider this (I'm rather glad that I had a rather good security education). Cheers Martin --nextPart1887587.pCZnYQ63to Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEABECAAYFAlBgkAMACgkQqVXwidMiVrpT2ACeNhYltNqWAGbPYHjzU8E4PPMn RS4AoJsHNPJX6WPIl2JnLosRRii1Bz9g =fQnD -----END PGP SIGNATURE----- --nextPart1887587.pCZnYQ63to-- --===============4425098383204035464== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel --===============4425098383204035464==--