Rough outline of talk/discussion follows:
- Not covered
- Loadable module support for authentication methods. Could be done: provide registration function, call callback list passing connection setup information plus file descriptor; callback performs authentication entirely before returning decision to server.
- Xtrans improvements. XCB doesn't use it. Could make it an actual library. Is a filehandle a sufficient abstraction?
- XC-QUERY-SECURITY rework.
Fine-Grained Access Control
- Have a research paper; will post link.
Improved resource lookup functions: still thinking about the prototype for dixLookupResource. Not sure if the DixReadAccess/DixWriteAccess flags are useful or necessary.
- Use the resource system to store your module's objects.
- Don't multiplex different operations through the same protocol request.
Other Security Work of Note
Security error handling. Right now, the Security extension "hides" denials from the user by returning false information. I would like to see the server begin returning actual errors, preferably BadAccess.
- devPrivates rework. Currently have separate functions for each supported structure. Could standardize this into one set of functions.
Need to add devPrivates to additional structures: PropertyRec.
- Window labeling: currently exporting properties to window manager. Feature request: need secure area for showing labels.
- Secure handling of input events. Secure attention key support.
- Shared Display Wall