| Summary: | Kwin should check the sandbox's app_id before using application submitted app_id. | ||
|---|---|---|---|
| Product: | [Plasma] kwin | Reporter: | Kimiblock Moe <kimiblock> |
| Component: | wayland-generic | Assignee: | KWin default assignee <kwin-bugs-null> |
| Status: | REOPENED --- | ||
| Severity: | normal | CC: | kde, nate |
| Priority: | NOR | ||
| Version First Reported In: | 6.3.3 | ||
| Target Milestone: | --- | ||
| Platform: | Arch Linux | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
|
Description
Kimiblock Moe
2025-04-02 08:54:17 UTC
>Like GNOME, the app is shown as WeChat with WeChat's icon. Having gtk4-demo appear as wechat doesn't exactly sound right either! I would bet Gnome devs get bug reports on that too. It's always a tough balance when it comes to security and user-centric goals. Given we support client provided icons anyway, I'm not sure we gain too much from this. > Also without stable window mapping background portal can terminate applications mistakenly Was that something you saw with our portal? I didn't think we did that. > Having gtk4-demo appear as wechat doesn't exactly sound right either! I would bet Gnome devs get bug reports on that too. It's just a demo that applications inside the sandbox is able make themselves like they're another application's window, aka spoofing .desktop file name, which can be a security issue? > Was that something you saw with our portal? I didn't think we did that. Obsidian sandboxed by portable can be terminated incorrectly if the background permission is disabled. ๐๐งน โ ๏ธ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME. For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging. Thank you for helping us make KDE software even better for everyone! ๐๐งน This bug has been in NEEDSINFO status with no change for at least 30 days. Closing as RESOLVED WORKSFORME. bump to Re Open Sorry to disturb. Had a little talk in [XDG Desktop Portals Matrix room], and I think preferring the sandbox supplied application ID is beneficial. It can eliminate generic "Wayland" icons, which is sometimes shown in the decoration or Alt Tab menu (and it's inconsistent). And it also fixes the problem that the background portal may terminate applications even it has visible window, because sometimes application and sandbox provide different APP IDs. Currently we are doing a D-Bus call in portable to make sure sandboxed application is able to run in the background, but that's not optimal IMO. As for the icon thing, the toplevel icon Wayland protocol may be more suitable. Had a discussion in KWin Matrix room yesterday, quoting @zamundaaa:kde.org: We could fall back to the sandbox app id when the one the app sets explicitly on the window is either nonsense or doesn't match to the sandbox Yes. `org.libreoffice.LibreOffice.Writer` should work if the sandbox app id is `org.libreoffice.LibreOffice` But zen-browser-portable could be ignored in favor of org.mozilla.zen https://matrix.to/#/!xdwRmYgjAuZSEhsheE:kde.org/$d1F2cNr07I1Xsgn0Tf_Sb705td4psW3-O_GiZsNK0ow?via=kde.org&via=matrix.org&via=im.kde.org I think this is the better approach to not only prevent spoofing but also allowing different apps inside the same sandbox. |