Great Circle Associates Firewalls
(February 1995)
 


Subject: Re: X anyone ? "McMullen, Michael K."
From: morrison @ killerbee . jsc . nasa . gov (John A. Morrison)
Date: Mon, 13 Feb 1995 12:24:58 -0400
To: Ken Hardy <ken @ bridge . com>
Cc: firewalls @ greatcircle . com

>I recall seeing an announcement of an X server that ran in a window
>under your regular X server; all that it could see (and therefore share
>w/ others connected to it) were windows & events within its own frame:
>
>   +-------------------------------------------------+
>   |  Main X server's root window = your screen      |
>   |                                                 |
>   |                     +----------------------+    |
>   |                     |  2nd-ary X server's  |    |
>   |   +-------------+   |  root window = this  |    |
>   |   |             |   |  window.             |    |
>   |   | local app's |   |         +----------+ |    |
>   |   |   window    |   |         |remote app| |    |
>   |   |             |   |         |  window  | |    |
>   |   +-------------+   |         +----------+ |    |
>   |                     +----------------------+    |
>   |                                                 |
>   +-------------------------------------------------+
>
>Comments on the security advantages of this?  Or lack thereof?
>Presumably, an xkey connected to the secondary X server wouldn't be able
>to directly snoop the password you're typing into your local app
>window, e.g.  I don't recall the product and whether or not it was a
>commercial offering.  Anyone?
>

The product is called xnest, and is included in the distribution for
FreeBSD and I think Linux.  Don't know about Sun or SGI.  Part of the
X11R6 release.

If I remember right, xnest encapsulates all X-Window connections and
passes over one TCP port (some port < 1024 I think). This may provide
you with _some_ warm fuzzies, but whatever has to be done to your
clients to encrypt the session and pass the Magic_Cookie securely is
beyond me...

At least, I don't remember the details....anyone?
  ____________________________________________________________________
 / Something happened in the Quantum Well, |  NASA MOD AIS Security   \
 |    An electron escaped & nearly fell    |     Engineering Team     |
 |     Up, it went, partway & stopped,     |         --==8==--        |
 | It froze & blinked - outside it popped! |    Work : 713-282-3516   |
 |-----------------------------------------|    FAX  : 713-282-2948   |
 | morrison @ killerbee . jsc . nasa . gov |         --==8==--        |
 |   web: http://aset.rsoc.rockwell.com    |     Musician for hire    |
 \_________________________________________|__________________________/


