He always could keep running X-window and his window manager (both) in a chrooted environment, he just protect extremely /dev/mem. Maybe he would not need /proc filesystem. If security is important why don't keep running the Xserver isolated (in a virtualbox for example and hardened with rsbac) and remote users get logged in with xnest through a ssl tunnel?. With those you get your untrusted users isolated from main system.
In my opinion getting X-window running is bad in security concerns, by this reasons: - First: PaX should be disable in mprotect terms since Xorg needs it (with it refuse to run) . - Second: Access to /dev/mem have to be granted and get in mind that CAP_SYS_RAWIO capability (between others) too, for this reason, one bug in Xserver will give all control to the attacker (and keep in mind that with access to /dev/mem all Selinux, rsbac and grsecurity policies are wasted efforts). Since mprotect protections have to be disabled pax could not protect you. - Third: You must assure the access to the display, to make a keylogger in x-window is easy if there is posibility to connect untrusted clients to it. 2008/11/25 RB <[EMAIL PROTECTED]>: > On Tue, Nov 25, 2008 at 08:00, Jan Klod <[EMAIL PROTECTED]> wrote: >> Suppose, I want to take some extra precautions and set up PaX&co and MAC on a >> workstation with Xorg and other nice KDE apps (only some of which should be >> granted access to files in folder X). I would like to read others opinion, if >> I can get considerable security improvements or I will have to make that much >> of exceptions to those good rules, as it makes protection too useless? > > KDE (and to a lesser extent X) pretty much nullifies most application > isolation efforts you're going to make. Even if you ran each > application under a dedicated user and in its own chroot environment, > the GUI provides IPC facilites that will readily bypass all your hard > effort. As with your other email, clicking a link in one app opens a > browser window in another, regardless of what user separation you > might have - KDE does this under the covers, since it's what most > users would actually want, but you perceive it as a security breach.
