[coyotos-dev] Window system security requirements
Jonathan S. Shapiro
shap at eros-os.com
Mon Aug 18 13:45:30 CDT 2008
On Mon, 2008-08-18 at 11:24 -0700, Charles Landau wrote:
> Jonathan S. Shapiro wrote:
> > On Sat, 2008-08-16 at 17:08 -0500, Trey Boudreau wrote:
> >> I would argue that ordinary programs probably should not have
> >> capabilities to the bring-to-front and send-to-back commands (or the
> >> window system could just ignore them).
> > In effect this would mean that ordinary programs could not open windows
> > at all.
> > Doesn't help.
> I don't follow that.
> Can't you have a design where
> (1) at one level, each application has its own set of windows, which it
> can open, close, and move to front or back (within its set), and
> (2) at a higher level, an application's entire set of windows can be
> brought to the front/back (compared to other applications) under control
> of a higher authority?
Hypothetically, yes. It doesn't help for two reasons:
1. It violates established usability expectations.
2. It doesn't really solve the problem, because there is a trivial
variant exploit using open/close of windows or moving windows by single
pixels, and those cannot realistically be eliminated in this way.
More information about the coyotos-dev