Purpose of screenshot dialog in xdg-desktop-portal-gnome?

Having a dialog asking if you want to allow an application to take a screenshot seems good in theory. However, as far as I’m aware, the implementation doesn’t provide any real security:

  • the screenshot can be accessed by any application regardless of which option is selected (see this)
  • xdg-desktop-portal-gnome runs as the user, meaning a malicious application could impersonate it and allow itself to take screenshots

Even if the first issue was fixed, the second problem still applies, and I don’t think it’s a problem that can be fixed since it’s easy to inject code into applications to make a screenshot (debuggers, LD_PRELOAD, etc).

Are my concerns valid or is there something I’m misunderstanding?

Hello, the portal is designed to be used from within a sandbox that can block access to folders, environment variables, and outside processes. You are correct that it provides no additional security when running without a sandbox.
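As an added illustration that is not part of the original thread: a small audit of the `/.flatpak-info` keyfile that Flatpak places inside a sandbox, flagging permissions under which the screenshot prompt stops being a meaningful boundary. The sample keyfile is constructed, and the mapping from permissions to the protections named in the reply above is an assumption of this example, not the portal's own logic.

```python
import configparser

# Constructed sample of a /.flatpak-info keyfile (not taken from the thread).
SAMPLE_INFO = """\
[Application]
name=org.example.Viewer

[Context]
sockets=x11;wayland;
filesystems=home:ro;xdg-download;
"""

# Assumed mapping from Flatpak permissions to the protections the reply lists.
RISKY_SOCKETS = {
    "x11": "X11 socket: X clients can capture other X11 windows without the portal",
    "session-bus": "unfiltered session bus: app can talk to outside processes",
}
RISKY_FILESYSTEMS = {"host", "home"}


def _items(cp, key):
    """Split a ';'-separated [Context] value, skipping '!' negations."""
    raw = cp.get("Context", key, fallback="")
    values = [v.strip() for v in raw.split(";")]
    return [v for v in values if v and not v.startswith("!")]


def prompt_weaknesses(info_text):
    """Return reasons the screenshot prompt would not protect the user."""
    cp = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(info_text)
    if not cp.sections():
        return ["no sandbox metadata: unsandboxed, the prompt adds no security"]
    findings = [RISKY_SOCKETS[s] for s in _items(cp, "sockets")
                if s in RISKY_SOCKETS]
    for fs in _items(cp, "filesystems"):
        # Drop access suffixes such as ':ro' or ':create' before comparing.
        if fs.split(":", 1)[0] in RISKY_FILESYSTEMS:
            findings.append(f"filesystem access '{fs}': folders are not blocked")
    return findings


if __name__ == "__main__":
    for line in prompt_weaknesses(SAMPLE_INFO) or ["no obvious holes found"]:
        print(line)
```
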

Is there a way to disable the dialog?

I don’t think so, but there was a feature request for it that is waiting for somebody to implement it: Screenshot portal without prompt · Issue #649 · flatpak/xdg-desktop-portal · GitHub

Would it be better to add an option to disable the prompt in xdg-desktop-portal-gnome instead of xdg-desktop-portal and have some command line flag like --no-prompt? It seems like xdg-desktop-portal-gnome creates the actual prompt.

IMO, never showing a dialog and always allowing a permission for every app would defeat the purpose of having a portal. I can’t speak for the maintainers of xdg-desktop-portal-gnome however.

I guess you could make your own portal implementation that never shows dialogs, and manages permissions with a manually written configuration file, or something like that. Similar to a /etc/sudoers. But eventually you should be able to do that in xdg-desktop-portal-gnome if the upstream API lands, by editing the portal’s backing store.
