Re: Call-return interface for file choosers? (and: security using powerboxes)
- From: Mike Hearn <mike plan99 net>
- To: gtk-devel-list gnome org
- Subject: Re: Call-return interface for file choosers? (and: security using powerboxes)
- Date: Fri, 25 Nov 2005 15:08:33 +0000
Hi Mark,
I've looked briefly at this before. A few thoughts:
* Rather than messing around with LD_PRELOAD and X proxies you really
just want to build your own patched copy of GTK+. This sort of change
is fundamental and not something you should try and layer over an
existing system. For X security you need to look at SE-X, which is
SELinux but for the X server.
* This problem is a specific form of a more general one, which is how to
separate submodules of an existing monolithic C/C++ codebase into
separate processes which run in separate security contexts. Not
co-incidentally, this is the subject of my university dissertation.
I'm intending to make the resulting RPC framework available under an
appropriate license once I have finished my degree. So far the RPC API
is quite simple and easy to integrate with existing apps (it's a
typeless/IDL-less system) and I think a PowerBox implementation for GTK+
would be a good application of it. This goes some way towards solving
the problem of proxying gtk_window* calls to the remote process.
* A Plash independent way to do this is have the PowerBox open the file
itself, then send the file descriptor across the RPC connection. Then
get_filename can return /proc/self/fd/$x and everything should work as
normal except that displaying the filename in the title bar etc
wouldn't operate correctly.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]