About this list Date view Thread view Subject view Author view Attachment view

From: Fran Firman (fran_at_netgate.net.nz)
Date: Mon 06 May 2002 - 22:10:22 BST


Have you thought of using vncserver in the vserver / full machine and
Xvnc to the vncserver via a ssh tunnel.

Fran.

On Thu, 2002-05-02 at 21:45, minu_at_hzhome.mine.nu wrote:
>
> Hello,
>
> I want to run untrusted X programs from (different) vservers.
>
> Unfortunately I am not very familiar with X's features and security
> issues.
>
> My first idea was to run one X Server as a normal user (from the real
> machine; not within a vserver) and to connect to this X Server via 'xhost'
> authentication.
> However, as it seems it is very easy for an X Client (once it gained
> access to X) to spy other windows as well as mouse and keyboard inputs
> (entering passwords !).
>
> Using Xnest would prevent this behaviour, but in any case running the X
> server not within a vserver seems to be dangerous due to the oftenly buggy
> X server.
>
> On the other hand, an X server needs permissions to devices like /dev/mem.
> But with the permission to this device a vserver would be able to spy
> everything running in the machine, real one and vserver. Right ?
>
> Any ideas ?
>
>
> Thanks in advance.
>
>
> P.S.: Yes I know, the 'server' part of vserver stands for SERVER and not
> for X, which is a typically client-side app. But I want to use vservers to
> test untrusted apps which sometimes include X ones.
>
>
>
>
>
>
>
>
>
>



About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:40 GMT by hypermail 2.1.3