Summary
-------
As described in another thread
(<http://marc.info/?l=openbsd-misc&m=141677224322425&w=1>),
I'm trying to run firefox as a non-privileged user _firefox, talking
to my X server (no Xephyr yet) via an ssh tunnel. But I've discovered
a serious flaw in this scheme: cut-n-paste is completely broken. In
fact, it looks like cut-n-paste from any X client with a diferent
uid/gid than the X server is broken. :(
My basic question is, is there any way to fix this?
Details:
-------
Lenovo Thinkpad T60, 3GB RAM + 6GB swap. Fresh install of OpenBSD 5.6
from the CD, updated to -stable as of 2014-11-19. My usual login is
in login class staff, for which I've edited /etc/login.conf to set the
memoryuse, datasize, and stacksize limits (all both -cur and -max) to
'infinity', so there should be enough memory for firefox to run ok.
I use twm(1) as my window manager. firefox is the 5.6 package, but
I've renamed the binary:
# cd /usr/local/bin; mv firefox firefox.bin
I used adduser(8) to create a new unpriviliged user _firefox,
group _firefox, no other group memberships, login class staff.
I've set up ssh authentication so I can ssh to _firefox.
Now, in an xterm, call it xterm #1:
% ssh -X -i $HOME/.ssh/firefox_id_rsa _firefox@localhost
This gives me a shell (in that same xterm #1) running as uid/gid
_firefox, with ssh proxying and tunneling X back to my X server.
(I'm not using Xephyr(1) at this point.)
Now, in the _firefox shell,
$ firefox.bin &
I get a a couple of warning messages that the ssh proxy/tunnel is
lacking some X protocol extensions
Xlib: extension "RANDR" missing on display "localhost:10.0".
Xlib: extension "MIT-SHM" missing on display "localhost:10.0".
but then firefox starts and runs fine.
Now suppose I try to cut-n-paste some text from the firefox window to
(say) a vi (in insert mode) which is running in some other xterm window
(call this one xterm #2). [For twm, 'cut-n-paste' means double- or
triple-left-click to select, then middle-click to paste.] This goes
badly awry:
* the cut appears to work normally (text is highlighted)
* the paste appears to be a no-op, ... but
* a few seconds later, the target xterm window (#2) disappears (and
the vi and xterm processes are gone)
To see if this is a firefox issue, or a more generic problem with
cut-n-paste between X clients running with different uid/gid, I tried
starting an xterm instead of a firefox process. That is, from the
_firefox shell, I typed
$ xterm &
and in the newly-started xterm (call it xterm #3) typed a few commands
to put some text on the screen
$ echo hello world
hello world
$ banner hello
# # ###### # # ####
# # # # # # #
###### ##### # # # #
# # # # # # #
# # # # # # #
# # ###### ###### ###### ####
$
then I tried to cut-n-paste the banner 'hello' text from xterm #3
into somewhere else.
The result was that the cut operation killed the xterm #3 window, with
the following X error message displayed back in the _firefox shell
running in xterm #1:
$ xterm &
[1] 25801
$ xterm: warning, error event received:
X Error of failed request: BadAccess (attempt to access private resource
denied)
Major opcode of failed request: 18 (X_ChangeProperty)
Serial number of failed request: 599
Current serial number in output stream: 600
[1] + Done (83) xterm
$
(Interestingly, I had no problem cut-n-pasting that error text from
xterm #1 into a vi (in insert mode) over in still another xterm window.
What I conclude from all of this is that (apparently) my window manager
and/or X server have noticed that {firefox, xterm #3} are running as
uid/gid _firefox/_firefox, while my {window manager, X server} have my
usual (different) uid/gid, so the cut-n-paste attempt (indeed, the cut
itself, judging by the xterm error message) is blocked.
So... questions:
* is this indeed what's going on?
* it's been a long time since I tried cut-n-paste from a 'remote'
window; is this what usually happens [I'll try some tests...]?
* what piece of software is enforcing this security policy?
(once I find that out, then I can investigate if/how the policy
might be configured to be more suitable to my needs)
* given my underlying goal of trying to exploit-mitigate firefox
(<http://marc.info/?l=openbsd-misc&m=141616701418506&w=1>),
what other options are there for handling cut-n-paste?
(Maybe xcutsel(1) and/or xclipboard(1) would be useful here?)
ciao,
--
-- "Jonathan Thornburg [remove -animal to reply]"
<jth...@astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
