On Sat, 12 Dec 2009 23:47:38 +0200 (EET) Lars Nooden <lars.cura...@gmail.com> wrote:
> On Sat, 12 Dec 2009, Duncan Patton a Campbell wrote: > > On Wed, 18 Nov 2009 21:51:03 -0800 > > Ted Unangst <ted.unan...@gmail.com> wrote: > >> How many people are aware that any X program can listen to the > >> keystrokes of any other X program? > > > > Any machine running or accessed by an X-machine is fundamentally > > insecure to whatever level of perms the accessor has. Which doesn't > > mean that I don't use X, just that I assume, a-priori, that anything on > > X is common-wealth. > > So everything under X should be considered available to everything else > under X. > > I presume new models for displays, or new ways to get some kind of > privilege separation for X, have been discussed to death > already. Is there any key discussion or publication? > I assume you've been to x.org and are asking me for a qualitative assessment I'm not qualified to answer;-) Over the years this issue has re-emerged in various contexts with various proposals and I don't think any resolution better than a "vetted" code base has been agreed. Dhu > /Lars
