|
From: | Liraz |
Subject: | [Plash] Re: X11 proxy related questions |
Date: | Tue, 10 Jun 2008 19:12:19 +0300 |
User-agent: | Thunderbird 2.0.0.12 (X11/20080227) |
Hi Mark,
I have since found a tool which should be able to provide most of the X security requirements very quickly: Xpra. It takes quite a different approach to my X proxy. It runs applications under a separate X server (Xvfb). It forwards window contents to the real X server, and forwards keyboard and mouse input and window positions in the other direction to the Xvfb server. It was not originally intended a security tool, but as an X equivalent of "screen". See <http://partiwm.org> and <http://lists.partiwm.org/pipermail/parti-discuss/2008-April/000014.html>. I am not actively working on the X proxy, so I can't say when it will be usable. I will probably try improving Xpra first.
Xpra looks very interesting. I didn't realize it could be used for this purpose when I first came across it. Thanks for the reference!
What security properties are you interested in? Preventing input injection, for example, is much easier than preventing keyboard snooping. Preventing denial of service is hard. You might want to stop applications from stealing the input focus, for example, which really requires window mangaer support; it can't easily be done by Xpra or an X proxy on its own.
I don't really care about preventing denial of service, but I do care about keyboard snooping which could reveal confidential data and also about allowing an untrusted application (e.g., firefox) to inject events into arbitrary windows on my desktop.
Stealing input focus is a borderline concern as I believe it would be harder to exploit in practice.
3) Will secure selections between trusted and untrusted applications be possible?I believe it will be possible to forward the X selection between trusted and sandboxed applications with the X proxy or Xpra. x2x and Synergy already do this.
Yes, I've used x2x to forward X selections between a trusted X server and an untrusted nested X server. I'll have to experiment to see how well this works with Xpra/Xvfb.
The harder part is what it might mean to do that securely. There are some notes on the wiki about that: <http://plash.beasts.org/wiki/TrustedPathButtons> and a thread here: <http://lists.laptop.org/pipermail/security/2008-April/000391.html>. In brief, doing copy and paste via the keyboard shortcuts Ctrl-C and Ctrl-V can be made secure without changing X applications, but making Copy and Paste menu items secure will require modifying applications.
Good idea. I've read the links and I understand the principles, but does an implementation already exist that I could try out?
[Prev in Thread] | Current Thread | [Next in Thread] |