Hi. First, yes I know this may be considered a little bit off topic, given that it's not about xorg development itself; but neither is it a normal support question, I guess.
The background is OpenSSH bug #1926 (https://bugzilla.mindrot.org/show_bug.cgi?id=1926), in which I proposed to allow using Xephyr for X-forwarding. But the principle is not limited to SSH.

Many people don't want to do X-forwarding (especially from untrusted systems) because of all kinds of attacks the evil remote system could perform. Now my idea was, if all that were "confined" in a Xephyr session (perhaps one per host connection, or perhaps even per executed command - just as the user likes)... one could get kind of a "secure X-forwarding".

So questions are:

1) Can I restrict X-forwardings to a specific X-server (i.e. the Xephyr instance that should be used for it; and that is for example automatically started by ssh)? How's that done best (i.e. in the most strict/secure way)?

2) Is it possible to "break" out of a Xephyr? Well of course I'm not talking about possibly hidden security holes, but rather: Are there "intended" ways to break out?

3) How about resource sharing? Are there things like shared memory between Xephyr and its host X? Can Xephyr use hardware features like direct communication with the 3D card?

4) What (else) can one do to restrict Xephyr as much as possible? Or more generally, what else should one do with respect to my idea in the above bug?

Thanks,
Chris.
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
