[lug] Processor assignment

Rob Nagler nagler at bivio.biz
Sat Apr 2 07:55:01 MDT 2016


Hi Davide,

> I guess the security threat you are trying to mitigate is very
> different from ours. X11 may not isolate apps, so a user can look what
> another is doing, or even pretend to be that user and? Guess what, the
> attacker already had shell access, so he could have done whatever he
> wanted (with the limit we place to them) to begin with.


That's the interesting part of X11: the server resides on your laptop, and
the clients are running somewhere. Therefore, all you need is a compromised
external computer, e.g. university computer, and that remote computer can
read the input to another remote server, e.g. Yellow Stone login node, on
which you are also running an X11 client. This is done without shell access
to your laptop.

There are ways to secure X11 via SELinux. If you are running Linux on your
laptop, you might be using Wayland, which does a better job of app
isolation. However, you might be using a Mac and XQuartz or Windows and
Xming. If so, you might try the experiment in this article on two different
remote X clients:

http://theinvisiblethings.blogspot.in/2011/04/linux-security-circus-on-gui-isolation.html

Rob
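
Added example, not part of Rob's message: assuming the remote X clients reach the laptop's X server through OpenSSH X11 forwarding (an assumption; the post does not say how they connect), this sketch reads an ssh_config and reports per host whether forwarded clients are trusted, meaning they get full access to the local display. The sample config and host names are constructed, and Match blocks are not evaluated.

```python
import fnmatch

# Constructed sample ssh_config (not from the post); host names are hypothetical.
SAMPLE_CONFIG = """\
Host login.hpc.example
    ForwardX11 yes
    ForwardX11Trusted yes

Host lab-*.univ.example
    ForwardX11 yes

Host *
    ForwardX11 no
    ForwardX11Trusted no
"""

def host_matches(patterns, host):
    """Host line semantics: a positive pattern must match and no negated one may."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_x11(config_text, host):
    """Return (ForwardX11, ForwardX11Trusted); the first value obtained wins."""
    opts = {}
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # simplification: Match blocks are skipped
        elif active and key in ("forwardx11", "forwardx11trusted") and args:
            opts.setdefault(key, args[0].lower())
    # Upstream OpenSSH defaults both options to "no".
    return opts.get("forwardx11", "no"), opts.get("forwardx11trusted", "no")

def classify(config_text, host):
    """'trusted' = remote clients get full access to the local X display."""
    fwd, trusted = effective_x11(config_text, host)
    if fwd != "yes":
        return "no-x11"
    return "trusted" if trusted == "yes" else "untrusted"
```

Hosts reported as "untrusted" are forwarded under the X11 SECURITY extension restrictions, which is the setting that limits one remote client's access to data belonging to other clients.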