privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-11-12 17:22:40 +00:00
Code Issues Activity

update: screencopy documentation in Linux Overview (#3144)

Browse Source 
Even on Gnome, a single dbus call allows applications outside of
sandboxes to overwrite their permissions in the portal permission
store. A sandbox that is supported by portals for identifying apps is
also required: otherwise, a malicious app could trivially spoof a name
on the bus. Currently, only Flatpak and Snap are subclasses of the
XdpAppInfo class, required for xdg-desktop-portal to be able to
identify a client.

Privileged Wayland protocols are also not an issue. KDE's kwin requires
that applications have an entry in a system-installed desktop file[1],
meaning that random crap can't simply capture the screen, and Flatpak
supports the security-context-v1 protocol, which is used to filter
access to these privileged protocols[2].

An example of the dbus call for Gnome:
dbus-send --session --print-reply=literal --dest=org.freedesktop.impl.portal.PermissionStore /org/freedesktop/impl/portal/PermissionStore org.freedesktop.impl.portal.PermissionStore.SetPermission string:'screenshot' boolean:true string:'screenshot' string:'' array:string:'yes'

[1] https://github.com/KDE/kwin/blob/master/src/wayland_server.cpp#L129-L134
[2] f0e626a4b6

Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Nathan Gray <dngray@privacyguides.org>
This commit is contained in:
Rahul Sandhu
2025-11-10 13:02:40 +00:00
committed by Daniel Gray
parent 0cc8ce0beb
commit 49d627d740
1 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/os/linux-overview.md
View File

@@ -118,19 +118,9 @@ Additionally, some distributions will not download firmware updates automaticall
### Permission Controls
Desktop environments (DEs) that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. However, not all DEs take full advantage of Wayland's architectural security improvements.
Desktop environments that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. Moreover, we *generally* recommend installing and using applications which are sandboxed such as those obtained via **Flatpak**. Flatpak supports the [`security-context-v1`](https://github.com/flatpak/flatpak/pull/4920) protocol and the ability to filter D-Bus protocols, which allow Flatpak to properly identify apps for the purpose of sandboxing them through permission controls.[^1] Conversely, applications outside sandboxes are free to perform privileged actions such as capturing your screen, either by [overwriting the portal permission store](https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7#note_1112260), or [making use of privileged Wayland protocols](https://github.com/swaywm/sway/pull/7648#issuecomment-2507730794).
For example, GNOME has a notable edge in security compared to other DEs by implementing permission controls for third-party software that tries to [capture your screen](https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943). That is, when a third-party application attempts to capture your screen, you are prompted for your permission to share your screen with the app.
<figure markdown>
![Screenshot permissions](../assets/img/linux/screenshot_permission.png){ width="450" }
<figcaption>GNOME's screenshot permission dialog</figcaption>
</figure>
Many alternatives don't provide these same permission controls yet,[^1] while some are waiting for Wayland to implement these controls upstream.[^2]
[^1]: KDE currently has an open proposal to add controls for screen captures: <https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7>
[^2]: Sway is waiting to add specific security controls until they "know how security as a whole is going to play out" in Wayland: <https://github.com/swaywm/sway/issues/5118#issuecomment-600054496>
[^1]: This exposes a reliable way for Wayland compositors to get identifying information about a client. Compositors can then apply security policies if desirable. [https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4](https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4)
## Privacy Tweaks