From: GT (gt_at_syndicus.org)
Date: Sun 02 Nov 2003 - 15:48:30 GMT
that are definetly some approaches I wasn't aware of!
Actually, the untrusted xauthority was what I was looking for. Except of course what you've already pointed out: many applications do not support untrusted xauths or do not run as expected. Even xeyes cannot set its transparent background.
I believe in security through simplicity. That's what I like about vserver: It's simple; except the handling of the notorious loopback-device, of course.
But running applications under Xnest or Xvnc seems to add a little overhead. ssh-programmers also thought about using Xnest to ensure X11-forwarning security, but finally said Xnest was too insecure and not simple enough for the average user.
Vserver mailing list