Hi, On 1/2/20 7:06 AM, Jonathan Aquilina wrote: > Evening All, > > I have a question is there anyone working on ethically hacking all aspects of > enlightenment. Reason I am asking is it might be a good idea to ensure > enlightenment does not pose any issues from a security aspect for end users. > > Let me know your opinions on this as this is an area that really does > interest me for sure 😊 > > Hope everyone had a great Christmas and wanting to wish everyone a very happy > and prosperous new year!
Under X11 there is little point in doing much, it was never designed with security in mind so things like key logging and screen grabbing can be done just using the native X11 API. If you think about what apps like synergy and gimp's color picker can do using native API's with no privileges you'll get a good idea. As such many things that would generally be a security issue in other software don't get heaps of time because you can probably do it using the API without an exploit anyway. Having said that there are certainly areas worth looking at, especially the binaries using suid bits to see if you can do any privilege escalation. Wayland also sandboxes apps much better so its probably worth looking there because anything you find would be worth while. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel