> any random executable having access to your $HOME is a terrible terrible practice.
Running random executables is the only terrible practice here. If I run "cat" over a file on my $HOME, then I expect to see its contents, regardless of which program wrote the file. Similarly, if a program writes pixels on my screen, then I expect to be able to screenshot them.
Conversely, if I write a file in my $HOME, then I expect that other programs that I run will be able to read it. Similarly, if I write pixels on my screen, I should not be surprised that my other programs can read them.
Call me conspiracist, but this silly Wayland security theater seems like a side of a multi-pronged attack to destroy the very principles of Unix. First, screens; then, files. But you know what? You'll pry fopen and fread from my cold, dead hands!
> Similarly, if a program writes pixels on my screen, then I expect to be able to screenshot them.
You can screenshot it. Zoom or whatever else can’t do so without calling the respective APIs with the respective security policy (which by default is: giving you a popup to allow the request).
Have you seen my linked thread? Ok, let’s say `cat` works on behalf of you. Does `apt`, `npm` etc also do what it does on behalf of you? The problem is not only third-party code, but third-party data — any bug in the program can hijack the whole program at which point it no longer works on your behalf.