[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-panel-devel
Subject:    Re: Re: IRC meeting summary
From:       Martin =?ISO-8859-1?Q?Gr=E4=DFlin?= <mgraesslin () kde ! org>
Date:       2012-09-24 16:53:23
Message-ID: 1403606.Odluq4zXFJ () martin-desktop
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Monday 24 September 2012 12:45:22 Shaun Reich wrote:
> Could you please elaborate on what you mean by security issues?
X11 is extremely insecure, e.g.
* each window can eavesdrop the input to other windows
* each window can get the pixmap of other windows
* each window can get the position and stacking position of other windows

This can easily be used to attack the systems security. E.g. at XDC last week 
a possible attack was described by rendering a window on top of the Firefox 
location bar and by that faking that you are really on your bank account.

Many of these issues are gone with the switch to wayland, but KWin and Plasma 
add backdoors again. E.g. KWin provides a D-Bus interface to generate 
screenshots of any window.

There are many more such issues and we have to be very careful to not break 
the security here. This is actually quite a change given that X11 has been so 
insecure that whatever we did, it could not create harm. Now we have to 
consider this (I'm rather glad that I had a rather good security education).

Cheers
Martin
["signature.asc" (application/pgp-signature)]

_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel


[prev in list] [next in list] [prev in thread] [next in thread]