[arch-general] sandboxing
Shridhar Daithankar
ghodechhap at ghodechhap.net
Sun Feb 5 05:38:09 UTC 2017
On Sunday 5 February 2017 6:10:51 AM IST sivmu wrote:
> Am 05.02.2017 um 05:16 schrieb Shridhar Daithankar:
> > On Saturday 4 February 2017 7:28:31 AM IST sivmu wrote:
> >> As long as the application has access to the xwayland instance, which is
> >> by default the case when xwayland is available, it can influence all
> >> other applications that still use the x-protcol.
> >
> > Just to understand, if there are two applications using xwayland, under a
> > wayland session, will they be still able to look at each other's
> > resources?
> >
> > If the answer is no, the security is equivalent to the wayland
> > applications, since xwayland instance is essentially a sandbox?
>
> Not sure what you mean with resources.
devices and events, mostly.
> this point is about the insecurity of the X Windows System architecture,
> which basically assumes that all applications are to be trusted. There
> is no build in security, therefore failing modern threat models completly.
>
> This explains it pretty well I guess:
> https://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-> isolation.html
ok. It confirms my understanding that X clients can listen to each other's
events and modify them.
But in xwayland, things are bit different.
https://lists.freedesktop.org/archives/wayland-devel/2014-January/012777.html
As the thread suggests, if there is a separate X server instance per xwayland
application, they won't be able to snoop on each other.
> Btw. to fully prevent keyloggin on wayland, you need to do more, e.g. by
> sandboxing, since there are ways to work around the security of wayland
> where the default linux security model is weaker then that of the
> wayland architecture.
>
> More info here:
> https://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyl
> oggers/
Exactly. If I am running chromium with firejail, which whitelists what
chromium can do to the file system(even better with --private); the browser
cannot tamper with .profile/.bash_profile or .ssh.
--
Regards
Shridhar
More information about the arch-general
mailing list