OP
- Thread Starter
- #226
Going a bit off-topic and daydreaming here:
I've been thinking about the possibility of adding some capsicum(4) to XLibre's ingredient list.
It is a hard task to do, and I'm currently busy enough with the ports and other stuff, but it is certainly a possibility, and if actualized would be tremendous for the security of X.
Moreover, with seatd in place there is now a whole new set of possibilities open for capsicum and it's file descriptor limits in there too.
So if a capsicum wizard is out there with some knowledge about the X server internals, and is willing to help the project it would be great.
First step that needs to be done is to centralize the open()(1) calls in DDX into the server with a exported wrapper function to then control in a more fine grain manor...
I've been thinking about the possibility of adding some capsicum(4) to XLibre's ingredient list.
It is a hard task to do, and I'm currently busy enough with the ports and other stuff, but it is certainly a possibility, and if actualized would be tremendous for the security of X.
Moreover, with seatd in place there is now a whole new set of possibilities open for capsicum and it's file descriptor limits in there too.
So if a capsicum wizard is out there with some knowledge about the X server internals, and is willing to help the project it would be great.
First step that needs to be done is to centralize the open()(1) calls in DDX into the server with a exported wrapper function to then control in a more fine grain manor...