Create a *real* top level window

Carsten Haitzler (The Rasterman) raster at rasterman.com
Thu Sep 23 07:39:10 PDT 2010


On Thu, 23 Sep 2010 16:53:37 +0300 Timo Juhani Lindfors <timo.lindfors at iki.fi>
said:

> Carsten Haitzler (The Rasterman) <raster at rasterman.com> writes:
> > modules/plugins at least in enlightenment (0.17 devel) can let you do just
> > about anything as they run inside the wm and have all privileges the wm
> > enjoys.
> 
> Thanks for the hints. However, if the window manager runs as normal
> user then normal user can easily use e.g. ptrace() to connect to the
> wm and disable any such features. Are you aware of any window managers

correct. you could run it as another user... but... it's x11. all bets are off
if you know enough. you can fight the wm with override-redirect windows and
more. it's not perfect, but if the aim is to circumvent just long enough to get
by some security - then you will win. running as another user or not. x11
flattens the power hierarchy significantly :) though ptrace won't help you
much - but such wm's that allow extending will allow the user to go disable
your module. the by-product of that power being able to turn it on.. is also
able to turn it off :)

> that'd support running them as a separate user? At least with icewm
> that does not quite work => all processes started from its menus would
> then also be started as this separate wm-user and not the normal
> unprivileged user.

correct. any launching would need to go via a messaging interface to a launcher
daemon running as the user or via some change user id mechanism per launch.

> If I prefix all menu entries with "sudo -u normal-user ..." then I can
> not let normal users modify the menus, clearly not an option.

correct. if your aim is to lock a user out of his own desktop while his login
session is still there... and allow him regular access too - you're out of
luck. in the x11 world access gets flattened. the user is pretty much king.
sure - the wm gets to call the shots for most things, but... the user controls
the wm. it's like the super-tool for x11. and most wm's take the theory that
user is king (not sysadmin) and will.

my suggestion is to stand back and totally rethink what you are trying to do.
in the standard x11 world the display has no access hierarchy. it's flat. the
logged in user is king. you'd have to modify the xserver itself to have such a
separation and provide a back-channel that can only be accessed by root to
implement what you want. reality otherwise is that any x client can kill off
another x client. any x client can grab the server, keyboard or pointer. x
pretty much assumes someone authorised to connect to x is "king of the display"
and allowed to - has the right to do anything they like and call the shots.
wm's, cm's etc. are just mechanisms via which such rules can be enforced - but
in the end the user controls the wm and cm, thus controls the display. keep
that in mind. maybe what you are trying to do is not such a good idea? maybe
it's hard to do because it is particularly user-unfriendly when x11 considers
the user in charge?

(note i'm ignoring some of the more obscure x security extensions - definitely
not standard/common).

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    raster at rasterman.com
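
An added illustration of the "launcher daemon running as the user" design mentioned in the message above; it is not code from the thread or from any window manager. It assumes Linux (`SO_PEERCRED`), a hypothetical socket path, and a one-line "command plus arguments" request format invented for this sketch.

```python
import os, shlex, signal, socket, struct, subprocess, sys

def peer_uid(conn):
    """uid of the process at the other end of an AF_UNIX socket (Linux only)."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                            struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", creds)
    return uid

def handle_request(conn, wm_uid, spawn=subprocess.Popen):
    """Serve one launch request. Returns the argv started, or None if refused."""
    # The uid comes from the kernel, not from anything the client sends.
    if peer_uid(conn) != wm_uid:
        conn.sendall(b"ERR peer not allowed\n")
        return None
    line = conn.makefile("rb").readline(4096).decode("utf-8", "replace")
    try:
        argv = shlex.split(line)          # split into argv, never run via a shell
    except ValueError:                    # e.g. unbalanced quotes
        argv = []
    if not argv:
        conn.sendall(b"ERR bad request\n")
        return None
    try:
        # The child inherits this daemon's uid (the normal user), not the wm's.
        spawn(argv, stdin=subprocess.DEVNULL, start_new_session=True)
    except OSError as exc:
        conn.sendall(f"ERR {exc.strerror}\n".encode())
        return None
    conn.sendall(b"OK\n")
    return argv

def serve(path, wm_uid):
    """Run as the normal user; accept launch requests only from wm_uid."""
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)   # do not accumulate zombies
    if os.path.exists(path):
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o666)   # anyone may connect; the peer uid check decides
    srv.listen(8)
    while True:
        conn, _ = srv.accept()
        with conn:
            handle_request(conn, wm_uid)

if __name__ == "__main__":
    # Hypothetical usage: launcher.py /tmp/launcher.sock <uid of wm-user>
    serve(sys.argv[1], int(sys.argv[2]))
```

This only settles which uid launched programs run as; it does nothing about the flat access model of the display itself that the message describes.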