| apol | |
| davidedmundson | |
| bport | |
| zzag |
| KWin |
Restrict to process with X-KDE-DBUS-Restricted-Interfaces=org.kde.kwin.Screenshot in their corresponding Service file,
to take screenshots.
Such a program can now take immediate screenshots.
Adds a utility file to group KService related logic.
Needed for D29408
| No Linters Available |
| No Unit Test Coverage |
| Buildable 26506 | |
| Build 26524: arc lint + arc unit |
| effects/screenshot/screenshot.cpp | ||
|---|---|---|
| 79 ↗ | (On Diff #81883) | But this is not a wayland interface, is it? :/ |
| effects/screenshot/screenshot.cpp | ||
|---|---|---|
| 79 ↗ | (On Diff #81883) | I am abusing things here by using the same X-KDE-Wayland-Interfaces for authorized Wayland protocol and DBUS interface. |
TODO:
remove X-KDE-Original-Executable
use KApplicationTrader::query instead of KServiceTypeTrader
Probably add support for a X-KDE-DBus-Restricted-Interfaces in services_utils
Use KApplicationTrader instead of KServiceTypeTrader, differentiate DBus and Wayland interface
It has been reminded me that this solution to have some security rest entirely on the guarantees offered by $XDG_DATA_DIRS.
Same can be said about X-KDE-Wayland-Interfaces.
But currently I believe this does not constitutes a strong security model.
A malicious executable could manufacture a fake $XDG_DATA_DIRS, add an application folder in it and a desktop file for its executable, trigger kbuildsyscoca5 and then use any of the restricted interfaces.
We would need further to restrict path for which we would consider the desktop file, for instance, like only root owned path.
Improve naming of fetchRequestedWaylandInterfaces
| service_utils.h | ||
|---|---|---|
| 46 ↗ | (On Diff #81883) | I tried to do it, but I encountered errors. |
And if you have any suggestion regarding this.
In relation to this, wayland_server.cpp has a isTrustedOrigin function that checks using a hash if the executable matches the own in /proc/<pid>/exe
| service_utils.h | ||
|---|---|---|
| 49 ↗ | (On Diff #81883) | We might want to tolerate non-absolute path for simplicity provided the exe are first in path. if (!service->exec()->isAbsolute() {
exec = QStandardPaths::findExecutable(service->exec()) |
| effects/screenshot/screenshot.cpp | ||
|---|---|---|
| 79 ↗ | (On Diff #81883) | This is not a proper d-bus interface name. |
| effects/screenshot/screenshot.cpp | ||
|---|---|---|
| 79 ↗ | (On Diff #81883) | I am well-aware. This is a key that application's desktop file must declare in a X-KDE-DBUS-Restricted-Interfaces field. So I should rename and add some comments, I guess. |
In general, +1. I'm not certain about what a better place to put the new service utilities is, though. Perhaps it's better to move them to libkwineffects or something. Either way, it can be revisited later...
| service_utils.h | ||
|---|---|---|
| 39 ↗ | (On Diff #81883) | We're going to use wrong logging caterogy if code below is invoked from the screenshot effect. |
| service_utils.h | ||
|---|---|---|
| 39 ↗ | (On Diff #81883) | I should pass in the log category I guess. |
| service_utils.h | ||
|---|---|---|
| 39 ↗ | (On Diff #81883) | or maybe just print the log messages somewhere else. |
| service_utils.h | ||
|---|---|---|
| 44 ↗ | (On Diff #81883) | string should be "kwin_utils" I believe. |