On 21.09.2016 19:57, grarpamp wrote:
On Wed, Sep 21, 2016 at 5:33 AM, Yawning Angel yawning@schwanenlied.me wrote:
Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
X11 is a huge mess of utter fail. Since the sandboxed processes get direct access to the host X server, this is an exploitation vector.
Is anyone actually actively throwing the full audit gamut at X11 these days, or is it still just one giant pile of 30 year legacy waiting to explode?
At this point no further audit of X11 is necessary. It is well understood that it is insecure by design. In fact, why would you need an audit? Take a look at the X11 API for yourself:
* X11 client: Please send me all keyboard events
* X11 server: As you wish
That does not mean that you are without options. Firejail X11 sandboxing guide [0] recommends running X11 applications inside a separate X11 server (like Xpra or Xephyr).
Additionally, there are at least two display servers that took security a little bit more seriously, i.e., Wayland and Mir. If you combine this with Flatpak or Snappy, maybe something good will come out of this. I would rather bet on Flatpak [1]. It is not there yet, but it seems to be solving the right problem.
[0] https://firejail.wordpress.com/documentation-2/x11-guide/
[1] https://github.com/flatpak/flatpak/wiki/Sandbox
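As an added illustration of the mitigation the reply points to (running an X11 application inside a separate, nested X server such as Xephyr), the script below is example code written for this thread; it is not from any of the thread's authors, from Firejail, or from sandboxed-tor-browser. It assumes Xephyr and xauth are installed, and the helper names `find_free_display`, `nested_env` and `run_in_xephyr` are hypothetical. The idea is that the application only ever gets a `DISPLAY` pointing at the nested server plus a private cookie file, so the "send me all keyboard events" request can only reach the nested server's own input, never the host desktop.

```shell
#!/bin/sh
# Added example (not from the thread): run an X11 app inside a nested Xephyr
# server so it has no socket to the host X server. Assumes Xephyr and xauth
# are installed; helper names are hypothetical.

# Return the first display number without a Unix socket in the given directory.
# X servers create <sockdir>/X<n>; the directory is a parameter so the helper
# can be exercised against a scratch directory (default: /tmp/.X11-unix).
find_free_display() {
    sockdir="${1:-/tmp/.X11-unix}"
    n="${2:-1}"
    while [ -e "$sockdir/X$n" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# Build the environment the sandboxed app will see: only the nested DISPLAY and
# a private XAUTHORITY, never the host's cookie. Returned as a string for
# inspection; run_in_xephyr applies it with env -i.
nested_env() {
    printf 'DISPLAY=:%s XAUTHORITY=%s' "$1" "$2"
}

# Start Xephyr on a free display with its own MIT-MAGIC-COOKIE-1, run the app
# against it with a scrubbed environment, then tear the nested server down.
run_in_xephyr() {
    app="$1"; shift
    disp="$(find_free_display)"
    auth="$(mktemp)"
    cookie="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
    xauth -f "$auth" add ":$disp" MIT-MAGIC-COOKIE-1 "$cookie"
    # -nolisten tcp: the nested server is reachable only via its Unix socket.
    Xephyr ":$disp" -auth "$auth" -screen 1280x800 -nolisten tcp &
    xpid=$!
    sleep 1
    # env -i drops the host DISPLAY/XAUTHORITY so the app cannot fall back to them.
    env -i HOME="$HOME" PATH="$PATH" DISPLAY=":$disp" XAUTHORITY="$auth" "$app" "$@"
    kill "$xpid"
    rm -f "$auth"
}

# usage example (not executed when the file is sourced):
# run_in_xephyr xterm
```

This only isolates the X11 channel; the application still needs filesystem and namespace sandboxing (which is what Firejail or Flatpak add) to be meaningfully contained.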