graesslin added a comment.
I'm the author of this interface and I consider it nowadays as a mistake to have added it. If I would restart I would do the whole thing differently: input events need to be injected through a kernel module in a dedicated input device. It would need a user space component which processes can talk to and that would need to be secured though e.g. polkit. Thus we could properly authenticate. This protocol does not support it and KWin does not even try to authenticate. Overall from security perspective this is a mess. REPOSITORY R127 KWayland REVISION DETAIL https://phabricator.kde.org/D18114 To: jgrulich, davidedmundson, graesslin, zzag Cc: graesslin, zzag, kde-frameworks-devel, michaelh, ngraham, bruns
