[arch-general] sandboxing
Leonid Isaev
leonid.isaev at jila.colorado.edu
Sun Feb 5 06:00:12 UTC 2017
On Sun, Feb 05, 2017 at 11:08:09AM +0530, Shridhar Daithankar wrote:
> ok. It confirms my understanding that X clients can listen to each other's
> events and modify them.
>
> But in xwayland, things are bit different.
>
> https://lists.freedesktop.org/archives/wayland-devel/2014-January/012777.html
>
> As the thread suggests, if there is a separate X server instance per xwayland
> application, they won't be able to snoop on each other.
Yes, and you don't need wayland for that... If copy-paste between apps is not
required, xephyr should be sufficient. AFAUI, selinux sandbox does that
https://dwalsh.fedorapeople.org/SELinux/Presentations/sandbox.pdf .
> > Btw. to fully prevent keyloggin on wayland, you need to do more, e.g. by
> > sandboxing, since there are ways to work around the security of wayland
> > where the default linux security model is weaker then that of the
> > wayland architecture.
> >
> > More info here:
> > https://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyl
> > oggers/
>
> Exactly. If I am running chromium with firejail, which whitelists what
> chromium can do to the file system(even better with --private); the browser
> cannot tamper with .profile/.bash_profile or .ssh.
See, this is the problem: Why would a browser need these files? File access
should only be possible with user interaction (via a file-open dialog).
Cheers,
--
Leonid Isaev
More information about the arch-general
mailing list