In "The Linux Security Circus: On GUI isolation" (link:
http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
) - The Invisible Things Lab's blog, Joanna Rutkowska describes attacks from
one X11 app on another and the general problem of the lack of GUI-level
isolation, and how it essentially nullifies all the desktop security.
One application can sniff or inject keystrokes to another one, can take
snapshots of the screen occupied by windows belonging to another one, etc.
The bit about how the X11 security model has changed over time and doesn't fit
well with Linux was interesting. She pitches Qubes OS (Beta 1) as a secure
alternative.
My questions:
Can passive (snooping) attacks be avoided? The passive attack she describes
certainly works on my system, though I note that one of the comments says
gksudo input can't be snooped.
Can active attacks (injecting keystrokes) be avoided? I seem to recall that
active attacks was turned of by default a long time ago. But a quick google
suggests that the XTest extension nullifies that (How to map a key-combination
to a keyboard-button?).
Most Linux distros are moving to Wayland as a replacement for X11. Does it
provide for good isolation between apps?
Is there hope for security on the desktop? :)
_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/wayland-devel
