Re: Call-return interface for file choosers? (and: security using powerboxes)



Hi Mark,

I've looked briefly at this before. A few thoughts:

 * Rather than messing around with LD_PRELOAD and X proxies you really
   just want to build your own patched copy of GTK+. This sort of change
   is fundamental and not something you should try and layer over an
   existing system. For X security you need to look at SE-X, which is
   SELinux but for the X server.

 * This problem is a specific form of a more general one, which is how to
   separate submodules of an existing monolithic C/C++ codebase into
   separate processes which run in separate security contexts. Not
   coincidentally, this is the subject of my university dissertation.

   I'm intending to make the resulting RPC framework available under an 
   appropriate license once I have finished my degree. So far the RPC API 
   is quite simple and easy to integrate with existing apps (it's a
   typeless/IDL-less system) and I think a PowerBox implementation for GTK+
   would be a good application of it. This goes some way towards solving
   the problem of proxying gtk_window* calls to the remote process.

 * A Plash-independent way to do this is to have the PowerBox open the file
   itself, then send the file descriptor across the RPC connection. Then
   get_filename can return /proc/self/fd/$x and everything should work as
   normal except that displaying the filename in the title bar etc.
   wouldn't operate correctly.





