Wayland Security Module Gets Prototyped By Tizen
Covered last year on Phoronix was LibWSM: Wayland Security Modules For Better Wayland Security. The Wayland Security Module library was presented last year at XDC2014 as a way of improving Wayland compositor security. While it was discussed back then only as a possibility, a Tizen developer has since been working on the WSM code to make it a working reality.
Manuel Bachmann of the Tizen Project is requesting comments on the code he's been working on for libWSM, which handles unprivileged clients that want to access privileged interfaces.
Bachmann wrote on the new mailing list thread, "We know all this was possible with X11 due to protocol flaws. Wayland is a lot more secure, but there are still legitimate third-party clients wanting access to these privileged features (such as the 'Pick a color from the screen' tool of GIMP)! Unfortunately, Wayland Compositors have no generic way to validate them. So, how do we allow GIMP, for instance, to work? libwsm lives in the compositor (eventually in a plugin) and is able to take decisions based on various configurable policies. Policies can be shared among compositors."
The current code for this Wayland Security Module can be found on GitHub and embedded below is a video demo of the current WSM work.
It's great to see Wayland developers continuing to be proactive about security and learning from some of the security fails of X11/X.Org.