XPost: comp.sys.raspberry-pi, alt.os.linux.mageia   
   From: steveo@eircom.net   
      
   On Sat, 9 Dec 2023 13:39:16 -0600   
   Grant Taylor  wrote:   
      
   > On 12/9/23 12:57, Ahem A Rivet's Shot wrote:   
   > > 	Or shut everything else down while doing private stuff. It's   
   > > hard to prevent screen scraping and key logging. If someone can get a   
   > > keylogger into one account they can probably get it into all accounts.   
   >   
   > Providing any access to an X11 display server is tantamount to a key /   
   > screen logger.  It's actually worse than /just/ a logger in that it can   
   > be a writer too.   
      
   	This is true, and there are applications which depend on it.   
      
   	One way to isolate applications completely would be to run each   
   application in its own VM with its own X11 display (or Wayland) all   
   displayed in a real X11 display that does nothing but run VNC viewers to   
   the VMs. Nothing but a minimal window manager that launches VM sessions   
   runs in the real X11 display. This does require users to be able to launch   
   VMs - preferably ones that cannot be accessed by other users, if needs be a   
   setuid tool could be used I suppose.   
      
   --   
   Steve O'Hara-Smith   
   Odds and Ends at http://www.sohara.org/   
   Host: Beautiful Theory meet Inconvenient Fact   
   Obit: Beautiful Theory died today of factual inconsistency   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)