security extension

Martin Uecker uecker at eecs.berkeley.edu
Sun Jan 5 00:15:27 PST 2014


Hi all,

I wonder what it would take to make the security extension
more useful again. A lot of people use X remotely with ssh
which is unsafe without something like this. Openssh has
convenient support to run clients as untrusted. Atleast
for the programs I use remotely this works well. 

Currently, the extension is not even compiled by default and
there are a few clients which crash (but this seem to be
minor problems and most seem to work just fine). 

I am currently trying to understand how much protection
this extension actually provides and what is still
missing.

It would also be nice to have the RENDER extension
available to untrusted clients. Because it already has
XACE hooks, this might be doable.

Any comments?
Martin



More information about the xorg-devel mailing list