Hi Mark,
I've looked briefly at this before. A few thoughts:
* Rather than messing around with LD_PRELOAD and X proxies you really
just want to build your own patched copy of GTK+. This sort of change
is fundamental and not something you should try and layer over an
existing system. For X security you need to look at SE-X, which is
SELinux but for the X server.
* This problem is a specific form of a more general one, which is how to
separate submodules of an existing monolithic C/C++ codebase into
separate processes which run in separate security contexts. Not
co-incidentally, this is the subject of my university dissertation.
I'm intending to make the resulting RPC framework available under an
appropriate license once I have finished my degree. So far the RPC API
is quite simple and easy to integrate with existing apps (it's a
typeless/IDL-less system) and I think a PowerBox implementation for GTK+
would be a good application of it. This goes some way towards solving
the problem of proxying gtk_window* calls to the remote process.
* A Plash independent way to do this is have the PowerBox open the file
itself, then send the file descriptor across the RPC connection. Then
get_filename can return /proc/self/fd/$x and everything should work as
normal except that displaying the filename in the title bar etc
wouldn't operate correctly.
___
gtk-devel-list mailing list
gtk-devel-list@gnome.org
http://mail.gnome.org/mailman/listinfo/gtk-devel-list
