Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] memory management



On Thu, Jun 25, 2015 at 02:32:24PM -0500, Derek Martin wrote:
> On Sun, Jun 21, 2015 at 03:18:03PM +0200, Bill Bogstad wrote:
> > On Sun, Jun 21, 2015 at 1:10 PM, Jerry Feldman <gaf at blu.org> wrote:
> 
> > I'm curious though, how this other user account gains access to your
> > X server.   Allowing other user ids to write on your screen/capture
> > key & mouse events seems to me to be a potential issue.
> 
> Only if someone else can log in as that user.
> 
> It's been my experience that I didn't need to fix display access, but
> maybe it's because typically I'm switching to root.  But if you need
> to, it's not hard... just arcane.
...
> xauth add myhost/unix:0  MIT-MAGIC-COOKIE-1 <cookie_value>
> 
> Should now work fine, without allowing access to anyone else on the
> box.  Just tested it in my Ubuntu VM, closed WORKSFORME. ;-)

I figured Bill was concerned with an exploit owning firefox and
being able to run arbitrary code as that user. Arbitrary code would
include Xlib calls so they're home free. You'd need to give your
unprivileged user untrusted access to the xserver to be safer. See
xauth(1), the generate command and the untrusted argument to it.
That brings the SECURITY extension into play, restricting their
access to the XServer and limiting which X extensions can be used.
Give it a try, but I'm not sure you'll be happy with the resulting
behaviour of firefox or your ability to use the clipboard or
selection. There's also something called XACE, but I couldn't
make heads or tails of it. Sounds like SELinux in terms of 
complexity.

On the memory topic, I tried dillo this morning again. VSZ around 4MB,
but maybe not up to most of what you'd want to throw at it. It may
be loading everything sequentially in a single thread too. Pretty 
slow bringing up pages compared to firefox (when not swapping).

-- 
smallm at sdf.org
SDF Public Access UNIX System - http://sdf.org
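
The `xauth generate ... untrusted` step the message above points to, as an added sketch that is not part of the original post. The account name `sandbox`, the cookie path and the use of `sudo` are assumptions; the `generate`, `nlist` and `nmerge` commands are from xauth(1).

```shell
#!/bin/sh
# Added example: give a second account an *untrusted* X cookie, so its
# clients are restricted by the SECURITY extension.
# Assumed names: account "sandbox", cookie file path, display ":0".

# Build the `xauth generate` arguments after checking the display name.
# "." selects MIT-MAGIC-COOKIE-1; "timeout 0" disables cookie expiry
# (xauth's default timeout is 60 seconds).
untrusted_generate_args() {
    disp=$1
    case $disp in
        :[0-9]*|*/unix:[0-9]*) ;;
        *) echo "unexpected display name: $disp" >&2; return 1 ;;
    esac
    printf 'generate %s . untrusted timeout 0\n' "$disp"
}

# Generate the untrusted cookie into a private temp file, then merge it
# into an authority file owned by the other account. The trusted cookie
# in the caller's own ~/.Xauthority is never handed over.
grant_untrusted() {
    user=$1 disp=$2 target=$3
    args=$(untrusted_generate_args "$disp") || return 1
    tmp=$(mktemp) || return 1
    # Word-splitting of $args is intended here.
    xauth -f "$tmp" $args || { rm -f "$tmp"; return 1; }
    rc=0
    xauth -f "$tmp" nlist "$disp" |
        sudo -u "$user" xauth -f "$target" nmerge - || rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: sh untrusted-x.sh sandbox :0 /home/sandbox/.Xauthority-untrusted
if [ "$#" -eq 3 ]; then
    grant_untrusted "$1" "$2" "$3" &&
        exec sudo -u "$1" env DISPLAY="$2" XAUTHORITY="$3" firefox
fi
```

Running `xdpyinfo` as the second account with the same `XAUTHORITY` shows which extensions remain available to untrusted clients.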



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org