The X Supervisor extension provides a new security model for the X Window System, mostly based on the existing model of the X Security extension. Using the X Supervisor extension, it is possible to run untrusted X clients within a highly configurable sandbox, and to do so conveniently. The rationale shows that, in some cases (e.g. when using OpenSSH X11 forwarding or other tunnelling tools), the use of some sort of sandbox is mandatory if we care about security.
This extension has the following goals:
It is not difficult to see that these goals are contradictory and therefore cannot be achieved simultaneously. For instance, security conflicts with convenience, and flexibility conflicts with performance. This extension should aim to reach a reasonable compromise among these goals.
In the rationale the following arguments are discussed:
Discussion about changes is encouraged at this time. Both the protocol and the library interface could be modified without notice. If you want to contribute to this project, please contact zunrob.
A preliminary protocol specification is available.
A sample implementation of the extension is provided as a patch to the popular XFree86 X server. A primitive supervisor client and a patch to OpenSSH are also being developed. See the installation instructions for further information about how to use the sample implementation.
Unless otherwise specified, all the code is licensed under this MIT-style license. The OpenSSH patch is released under the BSD-style license used by OpenSSH.
Since this is an X protocol extension and not an X application, there are no screenshots. There are, however, some images of a proof-of-concept application that uses the extension in the rationale section.
See the project summary page for further information about this project.
Thanks to SourceForge for hosting this project
Last update: 24 Oct 2002 by zunrob