[arch-general] sandboxing

sivmu sivmu at web.de
Sun Feb 5 05:58:58 UTC 2017



On 05.02.2017 at 06:38, Shridhar Daithankar wrote:
>> this point is about the insecurity of the X Windows System architecture,
>> which basically assumes that all applications are to be trusted. There
>> is no built-in security, therefore failing modern threat models completely.
>>
>> This explains it pretty well I guess:
>> https://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html
> 
> ok. It confirms my understanding that X clients can listen to each other's 
> events and modify them.
> 
> But in xwayland, things are a bit different.
> 
> https://lists.freedesktop.org/archives/wayland-devel/2014-January/012777.html
> 
> As the thread suggests, if there is a separate X server instance per xwayland 
> application, they won't be able to snoop on each other.
> 

Sounds like what some sandboxing tools try to do with xpra and other
additional x instances.

However, the default on wayland/xwayland is as described. You can easily
try weston. Just install and enter 'weston' and you will get a weston
instance where you can try this out with xinput.

>> Btw. to fully prevent keylogging on wayland, you need to do more, e.g. by
>> sandboxing, since there are ways to work around the security of wayland
>> where the default linux security model is weaker than that of the
>> wayland architecture.
>>
>> More info here:
>> https://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyloggers/
> 
> Exactly. If I am running chromium with firejail, which whitelists what 
> chromium can do to the file system (even better with --private); the browser 
> cannot tamper with .profile/.bash_profile or .ssh.
> 

Not so sure using firejail will not actually decrease security in light
of the recent wave of local root exploits...
