Re: How to use gksu to safely run a non-open-source application?


Thanks for pointing me at this - it's just at the level that I can grasp.

It seems that X has facilities to keep unwanted users from connecting - but a user that is connected has complete access. So my project of allowing a hostile user to put a window on my desktop cannot be done safely.

This seems like an oversight on the part of the designers of X.

I can see one possible (but work-intensive) solution. This would be to have an X proxy program which would maintain a virtual screen/mouse/keyboard that contained only the hostile user's window. The hostile user would communicate with the proxy, and the proxy would filter the information from the actual screen/mouse/keyboard e.g. so that mouse and keyboard events would be passed on only when the hostile user's window had the focus. The proxy could even put a warning border around the hostile user's window when displaying it on the actual screen.

A little beyond my abilities at the moment, unfortunately.

Paul Smith wrote:

One page I found in about 2 seconds by giving "X windows security" to
Google is:

A client can get a complete screendump (that's what the
snapshot program does for example), and it can also see every keypress
that goes through the server.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]