xdg-app and a11y (was Re: Our sandboxed apps won't really protect users)

Rui Tiago Cação Matos tiagomatos at gmail.com
Thu Sep 17 12:16:29 UTC 2015


On Tue, Sep 15, 2015 at 6:17 PM, Michael Catanzaro <mcatanzaro at gnome.org> wrote:
> I chatted with Alejandro Piñeiro about this today. The at-spi2 socket
> is a total sandbox escape: it can be used to inspect the accessibility
> tree of arbitrary applications, send them keyboard input, etc. We can't
> allow access to it. Also we can't block it, since that breaks a11y. A
> design change will be required. It should be considered in tandem with
> the problem of supporting a11y under Wayland, since the design problem
> there is similar. The basic issue is that Wayland clients have no
> access to other Wayland clients (except through clipboard and
> drag-and-drop selections), which is a security feature of the Wayland protocol,
> but one that breaks much of a11y, gnome-screenshot, etc. a11y needs a
> way to give privileged applications such access, while limiting the
> access of unprivileged applications.

Just as a data point, recent OS X versions have a per-application
white list of apps which have access to the a11y APIs while older
versions (<= 10.8) had a global switch, see
http://mizage.com/help/accessibility.html

Rui

