WebKit For Metacity/Mutter CSS Theming?
An anonymous reader writes "As Metacity (the GNOME window manager) evolves into Mutter, the question of CSS themes and how to implement them has come up. One of the proposals was WebKit, which the author asked more specifically about on his blog. It seems that WebKit, being a very fast rendering engine, would allow Mutter to have unprecedented power, not to mention being nearly future-proofed. As a major bonus, going this way could allow GNOME to share themes with KDE, which is apparently already headed towards a dependency on WebKit. Many people will reflexively recoil at the idea of a browser being mixed with a window manager. But it's important to remember that WebKit is not a browser — it's just a rendering engine, and it's not where all the security issues come from. So, what are the real technical issues at stake here? What are the pros and cons of using WebKit underneath GNOME rendering?"
Re:Lets see... (Score:4, Insightful)
One of the pros: GNOME gets a "tested" engine to do most of the work required...
And the con: GNOMErs will squabble about what to drop and in the end, they will create more duplication. Not good...not good at all.
I see pros, but no cons (Score:1, Insightful)
Re:Lets see... (Score:5, Insightful)
Could you explain to me why this would be a greater security risk than some person making a "theme" that exploits a flaw in Metacity?
Re:Lets see... (Score:3, Insightful)
Re:Lets see... (Score:5, Insightful)
But, your window manager doesn't run as root. And themes have to be installed by the end user. This is no less secure than just using a browser.
The overhead could be ridiculous, sure, but this just isn't a security problem.
Re:Lets see... (Score:5, Insightful)
Browser rendering engines? In my application UI? It's more likely than you think, especially if you use Firefox, or any other application built around a XUL runtime. How many CSS-only exploits have you heard of for them?
Power and future-proofing? (Score:1, Insightful)
Maybe I'm old-fashioned, but I'm not really seeing why we need so much power or future-proofing in a window manager. The window manager is responsible for... what, drawing title bars and window frames? Can someone explain to me what part of that needs future-proofing or would benefit in any way from an HTML rendering engine? It's not that I disagree, I honestly don't see the purpose or logic at all. I mean, if the GNOME guys decided to replace Gtk+ with WebKit... well, I think it'd be a lousy idea, but I could see the reasoning. This just completely baffles me. It's like if I suggested replacing a bookshelf with a refrigerator. OK, I guess you can put books in a refrigerator if you want; it does have shelves. And I suppose if you happened to have some books which needed to be kept cold, well, that'd be a big plus. Maybe putting an old book in the vegetable crisper would keep it in better condition longer.
But seriously, I'm not sure I've ever seen such a shining example of a solution looking for a problem.
Re:Lets see... (Score:5, Insightful)
Wait, how does this make it easier? Metacity's code is open already.
There are going to be a ton more crackers wanting to find ways to exploit Safari and Chrome than there will ever be wanting to find flaws in a WM.
And a ton more hackers working to fix those flaws.
Basically, without WebKit GNOME is just another DE, interesting, but not worth the work to exploit. On the other hand, with a ready-made script, it wouldn't take too long for someone with no skills to exploit it.
So you're basically arguing in favor of security through obscurity, and against code reuse?
Also, I fail to see how it's more dangerous for the average user to have their WM compromised than their browser. It's a lot easier to trick people into visiting a website, just once, than it is to convince them to install your theme.
Re:Power and future-proofing? (Score:1, Insightful)
Maybe I'm old-fashioned, but I'm not really seeing why we need so much power or future-proofing in a window manager. The window manager is responsible for... what, drawing title bars and window frames? Can someone explain to me what part of that needs future-proofing or would benefit in any way from an HTML rendering engine? It's not that I disagree, I honestly don't see the purpose or logic at all. I mean, if the GNOME guys decided to replace Gtk+ with WebKit... well, I think it'd be a lousy idea, but I could see the reasoning. This just completely baffles me. It's like if I suggested replacing a bookshelf with a refrigerator. OK, I guess you can put books in a refrigerator if you want; it does have shelves. And I suppose if you happened to have some books which needed to be kept cold, well, that'd be a big plus. Maybe putting an old book in the vegetable crisper would keep it in better condition longer.
But seriously, I'm not sure I've ever seen such a shining example of a solution looking for a problem.
I think the future they're proofing against is people adding arbitrary widgets to everything and then wanting them to inherit properties from the general theme.
Re:Lets see... (Score:4, Insightful)
and a pre-made rootkit to gain access.
You keep using that phrase, I don't think it means what you think it means.
1) Your WM runs at user level, an exploit would therefore at best gain the ability to run code at user level.
2) Your WM can be locked down pretty tough by AppArmor/SELinux/etc, so whatever code it can execute is limited to the functions of a WM anyway (no net access, no disk writes, etc)
3) If you're downloading random themes from untrusted users, it's easier to attack you by giving you a widget/screenlet or random script to run.
4) If there is a security flaw in the WebKit rendering engine, surely you can just exploit people's browsers when they go to download your theme.
In summary please never talk about security ever again.
Re:WTF? No more CSS? (Score:4, Insightful)
Try using CSS for a while, and you'll see that its creators left out some frankly baffling features, such as the ability to center an element.
The 3 major implementations (Mozilla, WebKit, and IE) all had major differences in their first versions (with none of them implementing the spec properly!)
Other features that (dead tree) page designers would find extremely common were left out as well (hyphenation and columns being my biggest personal pet peeves).
Currently, there's a big push to do applications and graphics using CSS and JavaScript, which has resulted in WebKit and Mozilla adopting a set of proprietary CSS attributes that aren't part of the standard.
Don't get me wrong -- style sheets were an absolute godsend to web development. However, both the standard (and the implementation of that standard) are crap. Metacity would be much better off taking the NeXT/Apple route, and using a PDF/PostScript derivative.
Re:Unprecedented? Please. (Score:3, Insightful)
Active Desktop was part of or released with IE4, probably in mid-97. Too bad it sucked system resources so hard and was so unstable.
Re:Power and future-proofing? (Score:2, Insightful)
Just a random thought off the top of my head, but would using CSS potentially help with technologies such as screen readers for the blind? Also, as you could have named areas, does it open up areas which can be set as preferences, for instance deciding that you prefer to have menus always at the top of the screen?
Just my 1p
Re:WTF? No more CSS? (Score:1, Insightful)
I'm not sure I understand how you start by saying that CSS barely works for the target environment
Just look at what you have to do to make rounded corners. (This seems especially relevant for WMs :) )