Re: setuid/setgid binaries contained in the Debian repository.
On Tue, Aug 19, 2003 at 01:14:33AM +0300, Richard Braakman wrote:
> This might be true for text-based games, though even they could reprogram
> the terminal in nasty ways. Games that use X11, however, will need
> access to the user's X session, and that basically gives them free
> reign. They'll be able to do fun things like listen to keypress events
> or paste text into an open xterm.
> If you do find a way to run graphical games in a separate uid, then let
> me know -- I'll want to use that for my web browser :-)
xauth -f someplace-else generate $DISPLAY . untrusted
It breaks some applications, though.