How do you deal with the fact that pretty much all your X11 clients have access to all keyboard and mouse input all the...

How do you deal with the fact that pretty much all your X11 clients have access to all keyboard and mouse input all the time and other clients' surfaces?
Because this means it's easy to make spyware that logs pretty much everything you do, including keyloggers, screenshots of the whole desktop or any running client, what you click, you name it.
Of course it has advantages, like making software that needs to access other clients' surfaces or send fake input easier; this can be really advantageous. But is that worth it if you can't easily sandbox graphical applications under any X11 server?

Wayland

is it our only hope?

GNU is spyware. This is common fact already. Install openBSD.

You can use Firejail+Xephyr. This guide's specifically for Firefox but you can adapt it to other GUI applications.
wiki.gentoo.org/wiki/Sakaki's_EFI_Install_Guide/Sandboxing_the_Firefox_Browser_with_Firejail

>Because this means it's easy to make spyware that logs pretty much everything you do, including keyloggers, screenshots of the whole desktop or any running client, what you click, you name it.

ok, how would you do that without root privileges?

None of that requires root privileges.

you can literally run everything in its own X11 if you care that much, which takes like 5mb of ram per run.

every OS has the issue of always being able to see keyboard input, though. welcome to how OS's work

>GNU is spyware
>This is common fact already.
>Install OpenBSD
Who let you out of your mental institute?

What are you hiding?

Will try that guide specifically, Gentoo has some really good wiki pages, and I only read the short tutorial on firejail's page firejail.wordpress.com/documentation-2/x11-guide/
I did try it though, but firejail 0.9.54 works like shit on Lubuntu 16.04 without PulseAudio; lots of software crashes except with Xephyr. With Xephyr, though, I had a noticeable drop in performance in Minetest, and Minetest would not grab the mouse or keyboard once the actual game was started.
Have you tried this method of "xorg sandboxing" yourself? Had any noticeable performance drop or any other issues?

Doesn't openBSD use xorg as well?
What exactly would I accomplish by using openBSD if I'm concerned at the difficulty of sandboxing graphical applications?

>ok, how would you do that without root privileges?
I literally made a bot that would take "screenshots" of a game and send fake input by taking advantage of how easy it was to do that with X11. None of that needed any special privileges other than being able to connect to the same X11 server that the game was running on.

This didn't bother me at the time and I thought Xorg was cool because of this, but now that I'm trying to make a fairly safe sandbox it concerns me that a keylogger inside a sandbox can still log everything, or even take screenshots. Try this for yourself: use the sandbox technology of your preference, run GIMP or some screenshot application and take a screenshot. You'll notice how this application can take a screenshot of the whole desktop even though it's inside a sandbox (this is of course as long as the sandboxed application is connected to the same X11 server as the desktop).

I'm trying to run Windows software under Wine, not bother about downloading literal spyware, and be able to easily clean up whatever mess the contained virus might make.

Also run Discord in a somewhat safe way since my clan requires me to use it for communication. Ironically a clan of an open source game.

>you can literally run everything in its own X11 if you care that much, which takes like 5mb of ram per run.
You mean like having multiple X11 servers running on multiple screens (that, I know, won't take much RAM and probably not much CPU juice)? Maybe like 2 servers, one for trusted software and one for all the untrusted sandboxed software, and change screens with Ctrl+Alt+F#. That could work for me; I could sleep at night as long as the X11 server for the untrusted software has no way of accessing anything on the X11 for trusted software.

>every OS has the issue of always being able to see keyboard input, though. welcome to how OS's work
I figured that was probably the case, I'm just glad that I can probably find a workaround in my favorite OS, which is any open source OS, but currently Linux because drivers.

yes you can do that, but you can also just run X11 with a virtual desktop for the application, and the virtual desktop is the exact size of your resize window.. and then that application is "full screen" in that virtual desktop. So it looks and acts identical to if it wasn't on its own X11

firejail also works extremely well as someone else linked.

macOS doesn't have this problem™.

>macOS doesn't have this problem™
lies

yes it does, lol

>you can also just run X11 with a virtual desktop for the application, and the virtual desktop is the exact size of your resize window.. and then that application is "full screen" in that virtual desktop
What the fuck. You mean kinda what using Firejail with Xephyr looks like?

yea, Xephyr is doing exactly that
a lot of idiots use VNC and VNC into their own machine to run multi X instance.. idk why.... that is really stupid

Not them but I'm pretty sure it doesn't use X11 anymore.

If the OS didn't work like that, alt tab, scrolling, etc wouldn't work because the focus of a software wouldn't work the same way
and keyloggers would not exist

Gayland is shit. X is still the king and it's easy to open multiple X sessions and switch between them, even as distinct users.

Quartz Compositor™

>what is ptrace
>what is /proc/*/mem
If you've got malware running as your own user, you're fucked with or without X

mac has used Quartz since the dawn of time, but it isn't different and it doesn't handle input differently. The entire OS can see it still. Same with windows.

LMAO at this FUD. If you have a compromised program running on your X server, there are a million other ways they could fuck you over besides capturing your input.

informit.com/articles/article.aspx?p=1552774&seqNum=5

looks like it's worse or the same in every category

>Feb 5, 2010

>install OpenBSD
>but OpenBSD uses xorg too, and I'm vulnerable to the same exploits
>wait a minute, OpenBSD has no mainstream nor up to date applications whatsoever
>no applications = no vulnerabilities
>??
enjoy

>malware running as your own user
I crafted myself a script that configures a separate user with pretty much access to only hardware acceleration, audio, internet access if needed and X11, then changes to this separate user and runs whatever application with firejail.
All I have to do is run "sudo script "mode" "sandbox_folder" "command".
I still consider myself pretty noobie though, especially when it comes to security, don't know what you mean with ptrace or /proc/*/mem for example but will take a look into them.

not OP
what are those?

based and redpilled: X.
cringe and soyboy: wayland.

One of my concerns is performance, it seems to me a separate X11 server would have less performance penalty, but I'll try both ways.
I was wondering how has Xephyr worked for you performance wise and if you notice additional latency.

>it's easy to open multiple X sessions and switch between them, even as distinct users.
Can someone help me with X wording here? is starting an "X sessions" the same as starting an "X server"?
I don't know why but I had the idea "X sessions" could live in the same "X server"

>I don't know why but I had the idea "X sessions" could live in the same "X server"
nope
>is starting an "X sessions" the same as starting an "X server"?
yes

theo has railed about X security for ages

pic related is some mitigations in OpenBSD (which I'm sure other *NIXes have implemented by now)

dunno if they'll move to wayland at some point

Attached: Screenshot at 2018-08-13 22-40-07.png (1052x402, 75K)

>it's easy to open multiple X sessions
That's stupid, unnecessary, and doesn't play well with all applications.

That isn't FUD you fucking retard. It's a legitimate security concern that any application without root access can literally spy on everything you are doing in real-time.

And despite all your attempts at spreading panic, nothing happened.

Ever.

your mom's a legitimate security concern

I only have one mom, but thanks for your concern.

OP here, this basically. Of course we could also go full Tanenbaum and start talking about microkernels, have everything in user space, self-healing systems. All for the sake of security and stability. But let's take one step at a time, I'm having issues just trying to sandbox X11.

Theo's comments are more in regards to the architecture of X in regards to system privileges, and has done a lot of work to mitigate this. The userspace as described by OP is a separate issue and is a general userspace issue, not an X specific issue. For instance, a running process could read the tty a user shell is on even if they were on a serial connection.

Unix philosophy does have partitioning for this sort of security, distinct users. Users are free and easy to switch between with su or such.

The real issue is current OS implementations sacrifice hardware-enforced protection domains for the sake of performance. Context switches cost cycles, but as we've discovered not switching context leads to multiple side-channel attacks like meltdown and spectre.

Modern systems are way too complex for the simple ring0/ring3 split. The kernel should be viewed more as a hypervisor running virtual machines, such as python, java, web browser. These VMs should in turn have access to domain their children which would have totally mitigated spectre, on AMD at least.

It may be that the future is indeed microkernel, maybe GNU/Hurd will have its day!

There have been some attempts at this in the past.

lwn.net/Articles/13868/

OpenBSD uses their own version of Xorg, Xenocara. Still have to deal with the design of X but at least Theo and his goons are monitoring this one.

>How do you deal with the fact that pretty much all your X11 clients have access to all keyboard and mouse input all the time and other clients surfaces?
I run free software from reputable sources. On my computer the answer to "how to do x" is "install y from the repo and run z". I could run separate Xorg instances if I wanted to, but if I don't trust a program not to keylog and send the data home, then I don't install it.

>I run free software from reputable sources
I tried this, I really did. I ended up really hooked on an open source game and joined a clan, at first everything was perfect and we used Mumble for communication.
But then Discord came and most eventually switched, so I'm now left with either using Discord or not being able to participate in tournaments, because voice communication is crucial and most use Discord and don't listen to the very few that liked Mumble better.

But I'm not running Discord at all if it can take screenshots and read everything I type (even outside of Discord). Not top security, I know, but better than just running Discord as if it was any other application or missing tournaments.

>All software bugs and design issues get fixed after just 8 years
Why don't you just prove mac os apps don't have access to other apps visuals and input already? Should be easy if you're so sure.

>>multiple X sessions
>doesn't play well with all applications.
Really? These applications are as much as the ones that don't play well with X SECURITY extension? Know of any such application? I wouldn't have expected that, thought running multiple X sessions would be more transparent.

Freedom ain't free.

Better just to run microshit windaids then which leaves no doubt that all your keystrokes are being fed to spyware.

I heard Wayland is not immune to keyloggers

(If not combined with sandboxes)

I realize that OP's scenario caused an OCD shitfit in the wayland developers, but honestly has there ever been any single event of this being exploited? Where are the malicious X clients?

I like this paragraph from the gentoo wiki:
>Furthermore — hardening tools such as AppArmor notwithstanding — the very design of the X11 display server underpinning most Linux desktops means that a compromised application can easily log all keystrokes, capture images of the screen, and even inject key and mouse events into any other application running on the same display — and that's just when running as the regular user, without privilege escalation.
>As such, the consequence of even a modest compromise of the web browser on your system can be devastating.

why are microkernels so difficult to implement?

They're not. It's just that muh performance autisms and their stupid benchmarks are why we can't have nice things. If they designed cars we'd be driving race cars that are really fast but blow up all the time and no safety features so when you randomly spear off the road you cause thousands in damage and mayhem.

>Freedom ain't free.
What do you mean? I literally used to run Trisquel and all, for two god damn years and even one whole year using only nouveau for my GTX 650, that was quite an experience, not going back.
I have a different philosophy now, I don't think anyone should just trust a piece of software just because it's open source. I would of course trust an open source piece of software way more than a closed source one, but I no longer think anyone should base their security only on license and source code availability.

Why don't you just prove mac os apps have access to other apps visuals and input already? Should be easy if you're so sure.

just so there's no doubt. Right? lol

No, he claimed that "macOS doesn't have this problem", he's the one who has to prove his claim

I hope minix 3 keeps progressing and porting more and more applications, just to see how big can the performance penalty be

Is this what a cia nigger looks like?

>Modern systems are way too complex for the simple ring0/ring3 split.
Fucking Intel and their ME shit, probably interests coming from above intel though

Because Tanenbaum didn't spread his seed enough

Who's talking about security? Sometimes freedom requires inconvenience. Do you think that Braveheart would have preferred to not have been hung, drawn and quartered? All he had to do was give up freedom. No, he took having his guts and cock cut out like a man and died free.

>What do you mean?
It means that principles have a cost. In this case the cost is not running a trojan horse called discord. He could find or create a new group that used free communication software. If the game really respects the user's freedom he could take steps to have voice chat built in to the game.

Using only free software is only one step in avoiding malware. You are right about this. However if software is proprietary, then it is malware. If the software author is not providing the source then they are by definition hiding something. If someone doesn't want you to know what the software on your computer is doing, then you should never trust them.

Thank you Stallman, but I would rather have an open source Discord-like software. I really think if there was one piece of software that combined all the good things of IRC (webchat, big groups), Mumble (low latency voice), and Tox (easy file sharing) I could easily move most people I know that are using Discord to something else. Having a web client is way more important than I thought for migrating users. I have yet to try GNU Ring but sadly they still don't have a web client, with just that addition I think it could gain users quickly.
Also I don't like Discord, I admit it has nice features sure, but it's still a resource hog that can't be trusted at all. I did try to move my clan back to Mumble, but they just believe Discord has some needed features for fluid communication and they won't settle for less.

At any rate, open source or not, the original post is still relevant and there should still exist an effort in both, better sandboxing AND an IRC+Mumble+Tox+Web Client application. Let's forget about a complete Discord replacement because it can be better.

There's always Matrix. All it really needs is a better client than Riot now. I bet Purism will come up with a really nice Matrix client for the Librem 5.

There is also Arcan
arcan-fe.com/
It is an impressive project (almost entirely done by one person) with some nice concepts and the development blog is a good read

I was reading just a bit of their blog, is there a thing this can't do?

I hope so because I tried Riot and it was total crap, it proves having a web client isn't the *only* important thing lol

>Who's talking about security?
The thread is about security lol

It took him some decades to realize his mistake, now he is trying to build a community around Minix and has changed the license to BSD.

X11 network transparency rocks, fuck Basedland.

I don't think X sends events from one window to another windows or gives access to any of them in any other way.

Being used by more than 10 people in the world. Jokes aside, it's a shame that no one cares about it. Probably everybody proficient in the field of display servers has put too much effort into Wayland to look back for alternatives. The next release of Arcan should be mostly about networking as far as I remember, a weak point of Wayland. I will probably try it again, if it looks promising

>hmm there's a perceived issue in this widely extant software that's been around for decades what do we do?
>a: fix the problem
>b: reinvent the wheel, badly

Too much of b lately.

X is absolutely horrible. I've got a 1070ti and X is never smooth compared to Windows. And yes, I've tried everything, literally everything. All kinds of configs, workarounds and whatever. X is just never smooth. And since I've got an nVidia card, I can't use wayland in the first place. I hate Windows but I'm stuck with it.

works fine, nothing noticeable. It is an X inside an X basically
I've played a game in it, the latency isn't noticeable it's a fraction of what monitor latencies are so I don't think it'd ever matter

All works fine for me out of the box on ubuntu. Hobbyist distros can die in a fire.

X doesn't send events directly to other clients, they just have access to them so they can read them all if they wanted. I think this thread is important because a lot of people don't know this

You can use Firejail with the nested X11 option. Now enjoy your snooping protection.

anyone else tried this with xpra? firejail tries xpra first with --x11 but I haven't been able to make it work well, lots of applications randomly crash. people here seem to use Xephyr, is that because xpra is a piece of shit?

--x11 tries first xpra and if not available then xephyr
remove xpra, have xephyr installed and it should work

I'll need more time to read about this because of all the things it does, but it seems interesting.
I wonder how the current state of a Wayland-only system is, can you now forward graphics over ssh?

yes but I was wondering if xpra even worked for anyone, my experience with it was so bad it made me doubt why firejail would try it first

great, I will definitely give this another try then, but in an updated distro and making sure it's all configured as it should

this. ssh -X is just awesome and if Wayland doesn't have it, it just proves it's not ready yet

yes he took for granted that microkernels would be used everywhere because "it's just the superior design"

Year of the Minix desktop when?

probably not before the year of linux desktop

>Know of any such application?
It's possible it's been fixed, but I had 2 x-servers running simultaneously for awhile and I would have various applications (including Firefox) appear on the wrong x-server when launched.

Look into Mattermost. It's a Slack clone and Discord is basically also a Slack clone.

this seems really weird. did you get to know what was causing it and if it was a client issue and not a configuration issue? to me it looks like clients had access to connect to both X servers and some weren't configured correctly to use the X server they were supposed to

I'll look into it, never heard of it. everything is worth a try if it's open source, even if it doesn't have a web client yet, but at least supports group conversation on mobile. antox for example still doesn't support that lol

Mattermost has a web client and a desktop and android client (maybe iOS also). It's a self-hosted plugin-based chat solution. I cannot vouch for the actual non-web clients though.

I see no problem as I know the software that runs on my personal computer.

And even the crippled Wayland allows for the same stuff. There was a POC keylogger, and since all the shit needed to have any semblance of X's functionality is in the mandatory compositor, you can implement all the same stuff, including screenshots and what not.
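
Added example, not part of any post in the thread: an audit for the two-X-server setup discussed above (one server for trusted software, one for sandboxed software), covering the reported case of clients appearing on the wrong server. It walks a /proc tree and lists processes of the sandbox user whose DISPLAY points at the trusted server; the UIDs, display numbers, process names and function names are constructed assumptions.

```python
import os
import tempfile

# Constructed sample data, not from the thread: uid 1000 is the desktop user,
# uid 1500 a hypothetical sandbox user; ':0' is the trusted server, ':1' the other.
SAMPLE = {
    "812": ("Xorg", 0, None),
    "1201": ("xterm", 1000, ":0"),
    "2310": ("Discord", 1500, ":1"),
    "2344": ("wine-preloader", 1500, ":0.0"),  # misconfigured: on the trusted server
}

def read_proc_entry(proc_root, pid):
    """Return (name, real_uid, DISPLAY or None) for a /proc entry, None if unreadable."""
    base = os.path.join(proc_root, pid)
    try:
        with open(os.path.join(base, "environ"), "rb") as fh:
            environ = fh.read().split(b"\0")
        with open(os.path.join(base, "status")) as fh:
            status = dict(line.split(":", 1) for line in fh if ":" in line)
    except OSError:  # process exited, or not ours to read (run as root to see all)
        return None
    display = next((item[len(b"DISPLAY="):].decode(errors="replace")
                    for item in environ if item.startswith(b"DISPLAY=")), None)
    return status["Name"].strip(), int(status["Uid"].split()[0]), display

def normalize_display(value):
    """':0', ':0.0' and 'unix:0' all name local server 0; return ':0' for each."""
    host, sep, rest = value.rpartition(":")
    number = rest.split(".")[0]
    if not sep or not number.isdigit():
        return None
    return f"{'' if host == 'unix' else host}:{number}"

def audit(proc_root, trusted_display, untrusted_uids):
    """List (pid, name, uid) of untrusted-UID processes started on the trusted display."""
    trusted = normalize_display(trusted_display)
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        entry = read_proc_entry(proc_root, pid)
        if entry is None or entry[2] is None:
            continue
        name, uid, display = entry
        if uid in untrusted_uids and normalize_display(display) == trusted:
            findings.append((int(pid), name, uid))
    return findings

def build_sample_proc(root):
    """Write SAMPLE as a minimal /proc-like tree (status + environ per pid)."""
    for pid, (name, uid, display) in SAMPLE.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "status"), "w") as fh:
            fh.write(f"Name:\t{name}\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
        env = b"HOME=/tmp\0" + (f"DISPLAY={display}\0".encode() if display else b"")
        with open(os.path.join(root, pid, "environ"), "wb") as fh:
            fh.write(env)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return audit(root, ":0", {1500})

if __name__ == "__main__":
    print(demo())
```

DISPLAY in /proc/<pid>/environ is only what the process was started with, so this catches misconfiguration; keeping a hostile client off the trusted server still depends on the sandbox user having no access to that server's socket and Xauthority cookie.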