On 08/19/2010 05:47 PM, Stephen Smalley wrote:
It prevents the client application from directly communicating with
the
top-level Xorg server. In the case of the bug you cited, they have to
first escalate access and gain code execution within Xephyr before they
can mount the attack on the top-level Xorg server, rather than being
able to directly attack the top-level Xorg server from the client app.
I see. I thought Xephyr and the sandboxed program run within the same
domain, but looking at the process table made it clear.
The logical next question would be: How confined is xserver_t actually? ;)
Curious as to whether they in fact wrote a successful exploit that
did
that, or just pointed out that it is theoretically possible.
I was also curious and asked on their blog, but didn't get a response.
thanks for your explanations,
Christoph