On Thu, 23 Sep 2010 16:53:37 +0300 Timo Juhani Lindfors <[email protected]> said:
> Carsten Haitzler (The Rasterman) <[email protected]> writes: > > modules/plugins at least in enlightenment (0.17 devel) can let you do just > > about anything as they run inside the wm and have all privileges the wm > > enjoys. > > Thanks for the hints. However, if the window manager runs as normal > user then normal user can easily use e.g. ptrace() to connect to the > wm and disable any such features. Are you aware of any window managers correct. you could run it as another user... but... it's x11. all bets are off if you know enough. you can fight the wm with override-redirect windows and more. it's not perfect, but if the aim is to circumvent just long enough to get by some security - then you will win. running as another user or not. x11 flattens the power hierarchy significantly :) though pstrace won't help you much - but such wm's that allow extending will allow the user to go disable your module. the bi-product of that power being able to turn it on.. is also able to turn it off :) > that'd support running them as a separate user? At least with icewm > that does not quite work => all processes started from its menus would > then also be started as this separate wm-user and not the normal > unprivileged user. correct. any launching would need to go via a messaging interface to a launcher daemon running as the user or via some change user id mechanism per launch. > If I prefix all menu entries with "sudo -u normal-user ..." then I can > not let normal users modify the menus, clearly not an option. correct. if your aim is to lock a user out of his own desktop while his login session is still there... and allow him regular access too - you're out of luck. in the x11 world access gets flattened. the user is pretty much king. sure - the wm gets to call the shots for most things, but... the user controls the wm. it's like the super-tool for x11. and most wm's take the theory that user is king (not sysadmin) and will. my suggestions is to stand back and totally rethink what you are trying to do. in the standard x11 world the display has no access hierarchy. it's flat. the logged in user is king. you'd have to modify the xserver itself to have such a separation and provide a back-channel that can only be accessed by root to implement what you want. reality otherwise is that any x client can kill off another x client. any x client can grab the server, keyboard or pointer. x pretty much assumes someone authorised to connect to x is "king of the display" and allowed to - has the right to do anything they like and call the shots. wm's,cm's etc. are just mechanisms via which such rules can be enforced - but in the end the user controls the wm and cm, thus controls the display. keep that in mind. maybe what you are trying to do is not such a good idea? maybe its hard to do because it is particularly user-unfriendly when x11 considers the user in charge? (note i'm ignoring some of the more obscure x security extension - definitely not standard/common). -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [email protected] _______________________________________________ [email protected]: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: [email protected]
