From: minu_at_hzhome.mine.nu
Date: Thu 02 May 2002 - 10:45:42 BST
Hello,
I want to run untrusted X programs from (different) vservers.
Unfortunately I am not very familiar with X's features and security
issues.
My first idea was to run one X Server as a normal user (from the real
machine; not within a vserver) and to connect to this X Server via 'xhost'
authentication.
However, as it seems it is very easy for an X Client (once it gained
access to X) to spy other windows as well as mouse and keyboard inputs
(entering passwords !).
Using Xnest would prevent this behaviour, but in any case running the X
server not within a vserver seems to be dangerous due to the oftenly buggy
X server.
On the other hand, an X server needs permissions to devices like /dev/mem.
But with the permission to this device a vserver would be able to spy
everything running in the machine, real one and vserver. Right ?
Any ideas ?
Thanks in advance.
P.S.: Yes I know, the 'server' part of vserver stands for SERVER and not
for X, which is a typically client-side app. But I want to use vservers to
test untrusted apps which sometimes include X ones.