logo

inaban

Distrustful Wayland Compositor (inspired by XMonad and dwm) git clone https://hacktivis.me/git/inaban.git

security.md (1628B)

    

  1. <!--
  2. SPDX-FileCopyrightText: 2019-2022 inaban Authors <https://hacktivis.me/git/inaban>
  3. SPDX-License-Identifier: BSD-3-Clause
  4. -->
  6. # Security
  7. Until version 1.0 this serves as a roadmap.
  9. Report security issues via an email to <contact+inaban@hacktivis.me> with <https://hacktivis.me/reop.pub> as my reop public key.
  11. ## Design
  12. ### Focus
  13. - Keyboard & Pointer focus is synchronised (keyboard focus warps the pointer)
  14. - Applications cannot steal focus unless explicitely launched by the user
  16. ### Special Permissions
  17. Special permissions are needed for: Screen capturing/recording, app-requested fullscreen, snooping (including for accessibility purposes), monitor settings.
  19. - Because of linux's design, unless an application is registered and launched by the compositor a consent pop-in dialog is displayed
  21. ### Fullscreen
  22. - Applications can't fullscreen themselves (until proper process authentication on linux is discovered)
  24. ### Lockscreen
  25. - Inspired by <https://www.jwz.org/xscreensaver/toolkits.html>
  26. - Wayland clients compositing (input & graphics) is disabled while locked; this also means that screen recording gets refused or when already authorized gets blank output.
  27. - Normal applications get title/`app_id`/… displayed when Logo is pressed
  28. - Separated authentication process launched by the compositor
  29. 	- setuid-root is frowned upon, use TCB shadow
  30. 	- PAM is unsupported
  31. 	- Patches for OpenBSD Authentication are welcome
  32. 	- On success it returned a unique hash to stdout and returned 0
  33. 	- stderr for Error messages
  34. - Screensavers are unsupported for now, they could be handed a wayland file descriptor to connect to