On Fri, Jul 04, 2008 at 06:32:33PM +0000, corvid wrote:
Johannes wrote:
Also we could try to make dillo work nice as an untrusted X11 client. It almost works fine already btw.
What is involved in making it an untrusted client?
http://dailypackage.fedorabook.com/index.php?/archives/48-Wednesday-Why-Trus... Is a good article. Normally each X11 client can access/modify data of every other client. Untrusted clients are more restricted. Using this feature one can for example create a separate user "web" just for browsing and then do: ssh -X -l web localhost dillo-fltk Then if dillo-fltk get's compromised, the damage would be restricted to the web user. Cheers, Johannes PS: One can avoid the unnecessary encryption overhead of using ssh by doing some xauth(1) magic instead.