logo

inaban

Distrustful Wayland Compositor (inspired by XMonad and dwm) git clone https://anongit.hacktivis.me/git/inaban.git/

security.md (1628B)


  1. <!--
  2. SPDX-FileCopyrightText: 2019-2022 inaban Authors <https://hacktivis.me/git/inaban>
  3. SPDX-License-Identifier: BSD-3-Clause
  4. -->
  5. # Security
  6. Until version 1.0 this serves as a roadmap.
  7. Report security issues via an email to <contact+inaban@hacktivis.me> with <https://hacktivis.me/reop.pub> as my reop public key.
  8. ## Design
  9. ### Focus
  10. - Keyboard & Pointer focus is synchronised (keyboard focus warps the pointer)
  11. - Applications cannot steal focus unless explicitely launched by the user
  12. ### Special Permissions
  13. Special permissions are needed for: Screen capturing/recording, app-requested fullscreen, snooping (including for accessibility purposes), monitor settings.
  14. - Because of linux's design, unless an application is registered and launched by the compositor a consent pop-in dialog is displayed
  15. ### Fullscreen
  16. - Applications can't fullscreen themselves (until proper process authentication on linux is discovered)
  17. ### Lockscreen
  18. - Inspired by <https://www.jwz.org/xscreensaver/toolkits.html>
  19. - Wayland clients compositing (input & graphics) is disabled while locked; this also means that screen recording gets refused or when already authorized gets blank output.
  20. - Normal applications get title/`app_id`/… displayed when Logo is pressed
  21. - Separated authentication process launched by the compositor
  22. - setuid-root is frowned upon, use TCB shadow
  23. - PAM is unsupported
  24. - Patches for OpenBSD Authentication are welcome
  25. - On success it returned a unique hash to stdout and returned 0
  26. - stderr for Error messages
  27. - Screensavers are unsupported for now, they could be handed a wayland file descriptor to connect to