top | item 44803616

(no title)

farkin88 | 6 months ago

X11's SECURITY extension was its long-forgotten stab at sandboxing: flip a bit and every client is either trusted or untrusted. It does kill trivial key-logging, but it also breaks the clipboard, disables GLX and makes various apps fall over, leaving the desktop unusable while Firefox somehow works just fine. A cool reminder that X11 could've had proper sandboxing 25 years ago, but the UX cost sank it and Wayland is the lifeboat now.

discuss

rnhmjoj|6 months ago

It's worth mentioning that the X11Libre fork of X.org has recently added the Xnamespace extension [1], which is inspired by this. Instead of a single bit trusted/untrusted it allows to isolate clients into containers where interactions are restricted to be within the same container only.

[1]: https://github.com/X11Libre/xserver/blob/master/doc/Xnamespa...

farkin88|6 months ago

Thanks for sharing. That's really cool.