How the wayland server and the shell are going to share (or agree to) that file descriptors or secrets in the first place? Or how can you ensure that the shell is not a rogue one?
> How the wayland server and the shell are going to share (or agree to) that file descriptors or secrets in the first place?
I read that GNOME just implements both in the same program (and calls it "shell").
> Or how can you ensure that the shell is not a rogue one?
I'm confused. Do you mean this kind of attack would become somewhat more probable or more dangerous if the original shell had some mechanism of allowing certain apps to pick colors?
The reason that Wayland (or X11) protocol uses Unix sockets for communications is because there is not a hierarchical relationship between a client process and the server process (they can be even from different user "sessions"). Also, a client can be launched from anywhere, including a "shell" such as a /bin/bash interactive session.
I read that GNOME just implements both in the same program (and calls it "shell").
> Or how can you ensure that the shell is not a rogue one?
I'm confused. Do you mean this kind of attack would become somewhat more probable or more dangerous if the original shell had some mechanism of allowing certain apps to pick colors?