On Fri, 3 Nov 2017 12:47:39 +0200 Pekka Paalanen <ppaala...@gmail.com> said:
> On Fri, 3 Nov 2017 11:04:27 +0100 (CET) > Jan Engelhardt <jeng...@inai.de> wrote: > > > On Friday 2017-11-03 10:37, Pekka Paalanen wrote: > > > > > >> Summary of (individual) proposals follows. > > >> > > >> >- modify WAYLAND_DISPLAY to support absolute paths which overrides > > >> > any search paths > > >> > > >> - introduce new WAYLAND_SOCKET > > >> - modify WAYLAND_DISPLAY to reject '/' > > > > > >What would be the functional difference to WAYLAND_DISPLAY accepting > > >absolute paths? Why would a different environment variable make a > > >difference? > > > > Well because you cannot establish for certain that people have or have not > > already used WAYLAND_DISPLAY=/newsock in the concatenation sense. > > > > (Depending on who you ask and how much weight they give to it, > > breaking application interfaces is out of the question. That's all.) > > Ah, that, ok. I thought this was about the security stuff you referred > to. But given the same rationale, we cannot forbid / in WAYLAND_DISPLAY > either. security here i think is a red herring. i can effectively trick libwayland-client to connect to an abs path by setting XDG_RUNTIME_DIR AND WAYLAND_DISPLAY. so ... effectively same thing. it will force all xdg runtime stuff to be in that same dir... but i think abs path for wl display specifically being a security issue is a red herring, unless there is something none of us can think of. then we have the problem already with runtime dir env var and wl display too like above. -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- Carsten Haitzler - ras...@rasterman.com _______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/wayland-devel
