Re: When wayland spreads it looks like no more running gui's as root.
- Date: Tue, 18 Apr 2017 10:27:51 +0200
- From: René J.V. Bertin <rjvbertin@xxxxxxxxx>
- Subject: Re: When wayland spreads it looks like no more running gui's as root.
On Tuesday April 18 2017 02:20:24 Duncan wrote:
>Wayland is, OTOH, designed with security in mind, to run as a normal
>user, and under normal circumstances, only the compositor will be able to
>globally read whats typed into other applications and their windows (and
>Now I'm not specifically sure about your headline claim, but it /does/
>stand to reason that with the higher wayland security, you may not be
>able to /directly/ run apps as another user (including root), like you
>can on X.
Why would that stand to reason? If Wayland preserves a few key design principles from X11 it should indeed be able to separate GUI events to and from applications just like the kernel can separate other kinds of events between running applications.
I understand this is already the case within applications run by a single user, it's no longer possible to do tricks like handing a Qt WId to a slave process like kwalletd so it presents a dialog as if the originating application posted it itself. Once you have that level of separation the question as what UID an application runs should actually be moot.