Hi Mark, I've looked briefly at this before. A few thoughts:
* Rather than messing around with LD_PRELOAD and X proxies you really just want to build your own patched copy of GTK+. This sort of change is fundamental and not something you should try and layer over an existing system. For X security you need to look at SE-X, which is SELinux but for the X server. * This problem is a specific form of a more general one, which is how to separate submodules of an existing monolithic C/C++ codebase into separate processes which run in separate security contexts. Not co-incidentally, this is the subject of my university dissertation. I'm intending to make the resulting RPC framework available under an appropriate license once I have finished my degree. So far the RPC API is quite simple and easy to integrate with existing apps (it's a typeless/IDL-less system) and I think a PowerBox implementation for GTK+ would be a good application of it. This goes some way towards solving the problem of proxying gtk_window* calls to the remote process. * A Plash independent way to do this is have the PowerBox open the file itself, then send the file descriptor across the RPC connection. Then get_filename can return /proc/self/fd/$x and everything should work as normal except that displaying the filename in the title bar etc wouldn't operate correctly. _______________________________________________ gtk-devel-list mailing list gtk-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/gtk-devel-list
