[LUNI] MSIE 6 on Kubuntu

[Martin Maney]

On Sun, Jun 24, 2007 at 10:06:37AM -0700, Mike Scott wrote:
> I have set the DISPLAY variable in the windows session to :0.0, but the
> only way I can get it to work is to completely turn off access control
> using "xhost +" from my user logon.
> If I try "xhost +localhost" or xhost +path" (the hostname of the box) it
> won't work.
> 
> Any suggestions?

Yeah, sux got it running, but it does the same thing as xhost + w.r.t.
opening access from the su'd process to your X server.  So if you're
worried about the possibility of something that attacks IE that then
abuses that access, you might want to run the IE-using account only in
its own X context.  This isn't really so hard, but it's not a common
trick.

1) login to a console (text screen) as the sandbox user
2) startx -- :1
3) enjoy running the sandbox in its own X server

Drawbacks are that, of course, the sandbox is in its own separate
screen rather than a window on your normal desktop; at least on the
older ATI video I just tested it on the second screen doesn't get the
benefit of acceleration (I think this is usually the case unless you
run a second video card for the separate X servers); and it still does
get direct access to the video chipset through the X driver, of course,
so it can mess that up, but that's no more than a DOS...

Probably not worth the effort if your dislike of xhost + wasn't just
that it's well worth avoiding in an untrusted environment (then again,
I don't know where you're trying to do this; maybe that is a serious
concern).  But sometimes this is just the trick you want.

-- 
That is the real business of communication - finding out stuff.
And it certainly can happen in reading too, but there is this difference:
in communication that's all that happens;
in reading it is the barest beginning.  -- Richard Mitchell