http://blogs.gnome.org/alexl/2015/02/17/first-fully-sandboxed-linux-desktop-app/
hmmmm, great, looks like X is not so good regarding security.. maybe Wayland..

On Tue, Mar 3, 2015 at 6:09 PM, someone <[email protected]> wrote:

> Wow, copying the .Xauthority to the "separated" user worked!
>
> But I'm still thinking that the "separated" user can give out the command:
>
> xinput test 6
>
> and can see what anyone types in via X.
>
>
> On Tue, Mar 3, 2015 at 5:56 PM, Ryan Freeman <[email protected]> wrote:
>
>> On Tue, Mar 03, 2015 at 05:51:27PM +0100, someone wrote:
>> > Hello,
>> >
>> > If I:
>> >
>> > pkg_add firefox-esr
>> >
>> > then I cannot see any separated user for it:
>> >
>> > grep -i firefox /etc/passwd
>> >
>> > When will OpenBSD have a separated user for the web browser by default?
>>
>> I think Ted specifically stated that jailing the browser under its own
>> user was outside the scope of what he was intending to do..
>>
>> > If someone gets in via the web browser... it will have the id_rsa, the
>> > *.kdb, etc.
>> >
>> > If it will not be default.... what are the solutions for the people to
>> > run their web browser with another user?
>> >
>> > $ su - foo
>> > Password:
>> > $ /usr/local/bin/firefox-esr
>> > Error: no display specified
>> > $ exit
>> > echo $DISPLAY
>> > :0
>> > $ su - foo
>> > Password:
>> > export DISPLAY=":0"
>> > $ /usr/local/bin/firefox-esr
>> > No protocol specified
>> > No protocol specified
>> > Error: cannot open display: :0
>> > $
>> >
>>
>> You'll need to copy the .Xauthority file from your main user (the one
>> running X) to ~foo/.Xauthority
>>
>> From there, you can then run X apps as foo and they should work just
>> fine.
>>
>> > Or is X so bad that it's not worth it? Can I run _several X servers_
>> > on my notebook (separated from each other)?
>> >
>> > Ex.: CTRL+ALT+F2 would bring up the logged in user with its own X
>> > server, and CTRL+ALT+F3 another..
>> >
>> > Many thanks,

