
This forum is proudly powered by Scientific Linux 6 | SL website Download SL Help Search Members |
Welcome Guest ( Log In | Register ) | Resend Validation Email |
![]() ![]() ![]() |
wearetheborg |
Posted: Jan 16 2012, 03:33 AM
|
|||
![]() SLF Geek ![]() ![]() ![]() ![]() Group: Members Posts: 249 Member No.: 18 Joined: 11-April 11 ![]() |
From http://plash.beasts.org/wiki/X11Security
Whats a realistic defense strategy? One thing is to not enter the root password on any desktop application (including xterm). Suppose I also want to protect the data in my home directory. If I open xterm in the same x-session as say firfox or a compromised pdf, then I am screwed? As the malware can send keystrokes to xterm? Can javascript anyway screw me? Ie run downloaded malware files? What is the solution? Run multiple x-servers at the same time (can be done)? Use xserver-less consoles (CTRL+ALT+F2) for entering passowords? An example of keyloggers: http://www.wilderssecurity.com/showpost.php?p=1740061&postcount=21 (I tried, the keylogger works ![]() Related discussion: http://www.wilderssecurity.com/showthread.php?t=280781 -------------------- |
|||
log69 |
Posted: Mar 3 2012, 06:38 PM
|
|
![]() SLF Member ![]() ![]() ![]() Group: Members Posts: 94 Member No.: 1325 Joined: 24-February 12 ![]() |
I just wrote a HowTo about sandbox that's a new feature in SL 6.x. That solves the problem in question by creating a separate X server for every sandbox'd process using Xephyr. Thought you might wanna take a look.
|
|
helikaon |
Posted: Mar 13 2012, 03:29 PM
|
|
![]() SLF Administrator ![]() ![]() ![]() ![]() ![]() ![]() ![]() Group: Admins Posts: 837 Member No.: 4 Joined: 8-April 11 ![]() |
Hi there, imho, if you block the X server port in iptables level and if you forbid to users to log via ssh to your box (so that they cant tunnel tcp connections) or you control what they tunnel/forward, than it's pretty safe. Another matter would be, if you want ppl connect to your X server and you want secure X server, while ppl are connected - i dont have experience with this, so cant say educatedly. cheers, ![]() -------------------- |
|
![]() |
![]() ![]() ![]() |