Having a dialog asking if you want to allow an application to take a screenshot seems good in theory. However, as far as I’m aware, the implementation doesn’t provide any real security:
the screenshot can be accessed by any application regardless of which option is selected (see this)
xdg-desktop-portal-gnome runs as the user, meaning a malicious application could impersonate it and allow itself to take screenshots
Even if the first issue was fixed, the second problem still applies, and I don’t think it’s a problem that can be fixed since it’s easy to inject code into applications to make a screenshot (debuggers, LD_PRELOAD, etc).
Are my concerns valid or is there something I’m misunderstanding?
Hello, the portal is designed to be used from within a sandbox that can block access to folders, environment variables, and outside processes. You are correct that it provides no additional security when running without a sandbox.
Would it be better to add an option to disable the prompt in xdg-desktop-portal-gnome instead of xdg-desktop-portal and have some command line flag like --no-prompt? It seems like xdg-desktop-portal-gnome creates the actual prompt.
IMO, never showing a dialog and always allowing a permission for every app would defeat the purpose of having a portal. I can’t speak for the maintainers of xdg-desktop-portal-gnome however.
I guess you could make your own portal implementation that never shows dialogs, and manages permissions with a manually written configuration file, or something like that. Similar to a /etc/sudoers. But eventually you should be able to do that in xdg-desktop-portal-gnome if the upstream API lands, by editing the portal’s backing store.