On 08-25 01:55, Eldritch wrote:
> > Rather, I'm looking for a full separation between the users,
> > nothing shared but the obsd kernel and hardware, and no more overhead for
> > each one than X normally has, since each user is just running
> > flat normal X, but fully and independently of the other X user.  Am I
> > mistaken in how I understand Xnest and Xephyr?
>  
> It's possible to run multiple X servers. As far as I know all you would
> have to do is add another line to /etc/X11/xenodm/Xservers and edit
> /etc/ttys to not launch a tty on the console window you selected.
> 
> Although you don't really need multiple X servers for privilege
> separation. ssh and vnc open an untrusted connection to the X server,
> which you can do manually with xauth.
> 
> I managed to get Firefox running as an untrusted client with the
> following snippet in /etc/X11/xenodm/Xsetup_0:
> 
> # Generate an untrusted X authority cookie for the dedicated user
> user=_firefox
> auth=/home/$user/.Xauthority
> umask 077
> xauth -f "$auth" generate :0 . untrusted timeout 0
> chown "$user:$user" "$auth"
> chmod 0600 "$auth"
> 
> And then starting it as the unprivileged _firefox user.

Thank you!  I need to spend some time trying your suggestions, including
getting my mind around xauth usage, then testing it with things like
xinput or xev, to make sure that, like with "ssh -X...", it prevents any
user from getting keystrokes sent to apps which run as other users
(though I realize ssh -X doesn't hide mouse events or prevent clipboard
sharing, or some such IIRC), and that the total attack surface isn't
much larger, etc.

-- 
Luke Call

"...I, the Lord, justify you...in befriending that law which is the
constitutional law of the land.... Wherefore, when the wicked rule the
people mourn.  Wherefore, honest men and wise men should be sought for
diligently, and good men and wise men ye should observe to uphold;
...whatsoever is less than these cometh of evil."  (Doctrine &
Covenants 98:6,9-10.  From 1833, when I think "men" often meant
"persons".  More at my site: lukecall.net .)

I think *honesty*, the Constitution and the rule of law (as opposed to
of individuals), are far more important, relatively, than most or all
policy issues, even important ones.