From 8f518f958aa54e28741cb3a599c9701c0172b38f Mon Sep 17 00:00:00 2001 From: Manuel Stoeckl Date: Sun, 7 Feb 2021 14:35:28 -0500 Subject: [PATCH] Disrecommend the use of display socket name wayland-0 Connecting by default to wayland-0 when environment variables WAYLAND_DISPLAY/WAYLAND_SOCKET are not set can cause unexpected connections when more than one session is being used. Specifically, if you run a program from a non-Wayland context (over ssh, on a VT, in an X11 session, from a job scheduler), while some unrelated compositor is listening on wayland-0, the program may connect to the compositor and leave the user wondering what has happened. This commit adjusts the documentation to clarify that the wayland-0 fallback is kept "for compatibility reasons", implying that in typical use programs do not rely on it. The changes to the wayland-server documentation (+ publican docs) briefly explain why compositors should avoid providing wayland-0. To avoid breaking existing software, the fallback to wayland-0 has not been removed (and perhaps never will be). As part of this change, the wl_display_add_socket_auto function has been documented to describe its action as well as the recommended alternative of connecting to the first available socket in the sequence wayland-1, wayland-2, etc. Signed-off-by: Manuel Stoeckl --- doc/publican/sources/Protocol.xml | 9 ++++--- src/wayland-client.c | 3 ++- src/wayland-server.c | 43 ++++++++++++++++++++++++++++++- 3 files changed, 50 insertions(+), 5 deletions(-) diff --git a/doc/publican/sources/Protocol.xml b/doc/publican/sources/Protocol.xml index 97e9ba29..a88d50ca 100644 --- a/doc/publican/sources/Protocol.xml +++ b/doc/publican/sources/Protocol.xml @@ -92,9 +92,12 @@ Wire Format The protocol is sent over a UNIX domain stream socket, where the endpoint - usually is named wayland-0 - (although it can be changed via WAYLAND_DISPLAY - in the environment). Beginning in Wayland 1.15, implementations can + is specified by the environment variable WAYLAND_DISPLAY. + (For compatibility reasons, if this environment variable is not set, + clients may try to connect to socket wayland-0. + As this behavior may lead to accidental connections, + compositors are recommended never to set WAYLAND_DISPLAY + to this value.) Beginning in Wayland 1.15, implementations can optionally support server socket endpoints located at arbitrary locations in the filesystem by setting WAYLAND_DISPLAY to the absolute path at which the server endpoint listens. diff --git a/src/wayland-client.c b/src/wayland-client.c index 21d46067..2aa745fc 100644 --- a/src/wayland-client.c +++ b/src/wayland-client.c @@ -1111,7 +1111,8 @@ wl_display_connect_to_fd(int fd) * * Connect to the Wayland display named \c name. If \c name is \c NULL, * its value will be replaced with the WAYLAND_DISPLAY environment - * variable if it is set, otherwise display "wayland-0" will be used. + * variable if it is set. For compatibility reasons, if WAYLAND_DISPLAY + * is not set, the value "wayland-0" will be used. * * If WAYLAND_SOCKET is set, it's interpreted as a file descriptor number * referring to an already opened socket. In this case, the socket is used diff --git a/src/wayland-server.c b/src/wayland-server.c index d83bdecd..c8338a71 100644 --- a/src/wayland-server.c +++ b/src/wayland-server.c @@ -1549,6 +1549,41 @@ _wl_display_add_socket(struct wl_display *display, struct wl_socket *s) return 0; } +/** Automatically pick a Wayland display socket for the clients to connect to. + * + * \param display Wayland display to which the socket should be added. + * \return The socket name if success. NULL if failed. + * + * This function is equivalent to calling, for %d ranging from 0 to 32, + * the function: + * + * \code{.c} + * wl_display_add_socket(display, "wayland-%d") + * \endcode + * + * and returning the name of the new socket as soon as a call succeeds. + * The string returned should not be modified or freed. + * + * Because this function first tries to register the Wayland display + * socket name "wayland-0", and clients (for compatibility reasons) try + * to connect to "wayland-0" if the environment variable WAYLAND_DISPLAY + * is not set, clients may connect by accident. As a result, this function + * is NOT recommended. Instead, compositors should explicitly + * try socket names starting at e.g. wayland-1; for example: + * + * \code{.c} + * for (int i = 1; i <= 32; i++) { + * char display_name[16] = ""; + * snprintf(display_name, sizeof display_name, "wayland-%d", i); + * if (wl_display_add_socket(display, display_name) == 0) { + * return strdup(display_name); + * } + * } + * return NULL; + * \endcode + * + * \memberof wl_display + */ WL_EXPORT const char * wl_display_add_socket_auto(struct wl_display *display) { @@ -1643,7 +1678,13 @@ wl_display_add_socket_fd(struct wl_display *display, int sock_fd) * * If NULL is passed as name, then it would look for WAYLAND_DISPLAY env * variable for the socket name. If WAYLAND_DISPLAY is not set, then default - * wayland-0 is used. + * wayland-0 is used. This fallback, kept for compatibility reasons, + * has two problems: 1) most clients will by default connect to wayland-0 + * if their environment does not contain WAYLAND_DISPLAY, and thus may + * connect to this socket by accident when run outside of a GUI; 2) some + * clients do not by default connect to wayland-0, and always require + * WAYLAND_DISPLAY to be set. Consequently, passing NULL in as an argument + * to this function is not recommended. * * If the socket name is a relative path, the Unix socket will be created in * the directory pointed to by environment variable XDG_RUNTIME_DIR. If