# Xorg Developer's Conference - Security Talk
Rough outline of talk/discussion follows:
## Security Advisories/Response
* Not covered
## X Authentication/Transport
* Loadable module support for authentication methods. Could be done: provide registration function, call callback list passing connection setup information plus file descriptor; callback performs authentication entirely before returning decision to server.
* Xtrans improvements. XCB doesn't use it. Could make it an actual library. Is a filehandle a sufficient abstraction?
* XC-QUERY-SECURITY rework.
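
A sketch of the registration/callback-list idea from the first bullet, added here as an illustration; it is not X server code. All names (`RegisterAuthCallback`, `AuthenticateConnection`, `ConnSetupInfo`, `SAMPLE-COOKIE-1`) are hypothetical, and the three-way decision with default deny is an assumption about how the server would combine callbacks.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout: none of this is the X server's actual API. */
typedef enum { AUTH_DECLINE, AUTH_ACCEPT, AUTH_REJECT } AuthDecision;

typedef struct {
    const char *proto_name;     /* authorization protocol name from connection setup */
    const unsigned char *data;  /* authorization protocol data */
    size_t data_len;
} ConnSetupInfo;

/* A module gets the setup info plus the fd, so it can run its own exchange. */
typedef AuthDecision (*AuthCallback)(const ConnSetupInfo *setup, int fd);

#define MAX_AUTH_CALLBACKS 8
static AuthCallback auth_callbacks[MAX_AUTH_CALLBACKS];
static size_t num_auth_callbacks;

/* Called by a loadable module at init. Returns 0 on success, -1 on failure. */
int RegisterAuthCallback(AuthCallback cb) {
    if (cb == NULL || num_auth_callbacks == MAX_AUTH_CALLBACKS)
        return -1;
    auth_callbacks[num_auth_callbacks++] = cb;
    return 0;
}

/* Server side: first definite answer wins; no answer at all means deny. */
AuthDecision AuthenticateConnection(const ConnSetupInfo *setup, int fd) {
    for (size_t i = 0; i < num_auth_callbacks; i++) {
        AuthDecision d = auth_callbacks[i](setup, fd);
        if (d != AUTH_DECLINE)
            return d;
    }
    return AUTH_REJECT;
}

/* Constructed sample module: shared-cookie check, compared in constant time. */
static const unsigned char sample_cookie[] = "0123456789abcdef";
AuthDecision SampleCookieAuth(const ConnSetupInfo *s, int fd) {
    (void)fd;  /* a challenge-response method would read/write fd here */
    if (strcmp(s->proto_name, "SAMPLE-COOKIE-1") != 0)
        return AUTH_DECLINE;  /* not our method; let another module decide */
    if (s->data_len != sizeof(sample_cookie) - 1)
        return AUTH_REJECT;
    unsigned char diff = 0;
    for (size_t i = 0; i < s->data_len; i++)
        diff |= s->data[i] ^ sample_cookie[i];
    return diff == 0 ? AUTH_ACCEPT : AUTH_REJECT;
}
```
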
## Fine-Grained Access Control
* Have a research paper; will post link.
* Improved resource lookup functions: still thinking about the prototype for dixLookupResource. Not sure if the DixReadAccess/DixWriteAccess flags are useful or necessary.
* Use the resource system to store your module's objects.
* Don't multiplex different operations through the same protocol request.
## Other Security Work of Note
* Security error handling. Right now, the Security extension "hides" denials from the user by returning false information. I would like to see the server begin returning actual errors, preferably BadAccess.
* devPrivates rework. Currently have separate functions for each supported structure. Could standardize this into one set of functions.
* Need to add devPrivates to additional structures: PropertyRec.
* Window labeling: currently exporting properties to window manager. Feature request: need secure area for showing labels.
* Secure handling of input events. Secure attention key support.
## Applications
* Shared Display Wall