On Wed, 13 Oct 2010 17:51, d...@fifthhorseman.net said: > If i run the agent locally, and forward access to it to a constrained > account, then the constrained account (which is talking to the agent) > *does not* have the ability to simulate such X11 events.
You mean to a different X server? For example from a nested one to the main X server? Then why do you want to have this yes/no prompt, the other X server has no access to the pinentry. I doubt that it is possible to have a restricted account running on the same X server. > requires, say, an ACPI event, or a special keypress (not an X11 event) > from a designated hardware button. in that case, malicious code with > access to the X11 session could detect that a prompt had been made, and If there is malicious code running on your machine with access to resources under your control, I can only say: game over. No external button will help you here. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
