Carsten Haitzler (The Rasterman) <[email protected]> writes:

> luck. in the x11 world access gets flattened. the user is pretty much king.

That's the impression I've unfortunately got too.

> my suggestion is to stand back and totally rethink what you are
> trying to do.

I have several different use cases but mainly I'm interested in improving the common usage pattern: users run web browser and sudo under the same X server. If an attacker can run arbitrary code due to a bug in the web browser they can easily wait for the user to invoke sudo and then escalate to root.

As a pet project I've been planning a sudo wrapper that provides a trusted path for acknowledging each command. You can read the details at http://lindi.iki.fi/lindi/darcs/sido/README but the project is currently stuck due to challenges with X.

> logged in user is king. you'd have to modify the xserver itself to have such a
> separation and provide a back-channel that can only be accessed by root to
> implement what you want. reality otherwise is that any x client can kill off

I think I have explored most of these options:

1) As a "back-channel" I use /dev/input/by-path/platform-i8042-serio-0-event-kbd for input and a separate virtual console for output. The drawback here is that drivers are buggy and can crash the system on vt switch.

2) Normal users could run all their programs under vnc4server and when they log in I would just run fullscreen xvnc4viewer as a trusted user. This is easy but causes extra slowdown. I did not research this further since I wanted a solution that'd be usable by normal desktop users.

3) I looked at XACE. It looks like it might be possible to write an extension that'd give special powers to clients that have authenticated using a specific magic cookie. I am not sure if this is true.

4) I have looked at the selinux extension. It looks like it could work but the papers mention that a modified twm is needed; I have not found the source of that yet and I am not familiar with selinux:

"Here's a screen shot of a hacked twm that displays this property in place of the usual window title: http://people.freedesktop.org/~ewalsh/twm-demo.png" -- http://www.nsa.gov/research/selinux/list-archive/0611/thread_body83.shtml

5) Finally I have looked at KMS in the hope that it could provide a "graphical back-channel" but have not succeeded yet here either.
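
Option 1 in the message above takes acknowledgements from the kernel evdev node rather than through X. The input side of such a back-channel is sketched below as an added example, not code from the message or from sido; `decide`, `ask`, the use of `y` as the approve key and the 64-bit `struct input_event` layout are assumptions.

```python
import fcntl
import os
import struct

# struct input_event on 64-bit Linux (assumed): struct timeval (two longs),
# __u16 type, __u16 code, __s32 value.
EVENT = struct.Struct("llHHi")
EV_KEY = 0x01
KEY_Y = 21                            # from linux/input-event-codes.h
PRESS, RELEASE = 1, 0                 # value 2 is autorepeat
EVIOCGRAB = 0x40044590                # _IOW('E', 0x90, int)
KBD = "/dev/input/by-path/platform-i8042-serio-0-event-kbd"


def decide(raw):
    """Return True (approve), False (deny) or None (undecided) for a byte
    string of input_event records read after the prompt was shown."""
    pressed = set()
    usable = len(raw) - len(raw) % EVENT.size     # ignore a truncated tail
    for off in range(0, usable, EVENT.size):
        _sec, _usec, etype, code, value = EVENT.unpack_from(raw, off)
        if etype != EV_KEY:
            continue                               # EV_SYN, EV_MSC, ...
        if value == PRESS:
            pressed.add(code)
        elif value == RELEASE and code in pressed:
            # Only a press and release both seen after the prompt count, so a
            # key still held down (or autorepeating) from before is ignored.
            return code == KEY_Y                   # any other key denies
    return None


def ask(path=KBD):
    """Grab the keyboard exclusively and wait for a decision (needs root)."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # Exclusive grab: other readers of this node, the X server's input
        # driver included, stop receiving its events until the fd is closed.
        fcntl.ioctl(fd, EVIOCGRAB, 1)
        buf = b""
        while True:
            buf += os.read(fd, EVENT.size * 64)
            verdict = decide(buf)
            if verdict is not None:
                return verdict
    finally:
        os.close(fd)                               # closing releases the grab
```
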
