Re: [gentoo-hardened] hardened workstation - is that worth it?

["Javier Martínez" <tazok.id0@gmail.com>]

He always could keep running X-window and his window manager (both) in
a chrooted environment, he just protect extremely /dev/mem. Maybe he
would not need /proc filesystem. If security is important why don't
keep running the Xserver isolated (in a virtualbox for example and
hardened with rsbac) and remote users get logged in with xnest through
a ssl tunnel?. With those you get your untrusted users isolated from
main system.

In my opinion getting X-window running is bad in security concerns, by
this reasons:
- First: PaX should be disable in mprotect terms since Xorg needs it
(with it refuse to run) .
- Second: Access to /dev/mem have to be granted and get in mind that
CAP_SYS_RAWIO capability (between others) too, for this reason, one
bug in Xserver will give all control to the attacker (and keep in mind
that with access to /dev/mem all Selinux, rsbac and grsecurity
policies are wasted efforts). Since mprotect protections have to be
disabled pax could not protect you.
- Third: You must assure the access to the display, to make a
keylogger in x-window is easy if there is posibility to connect
untrusted clients to it.

2008/11/25 RB <aoz.syn@gmail.com>:
> On Tue, Nov 25, 2008 at 08:00, Jan Klod <janklodvan@gmail.com> wrote:
>> Suppose, I want to take some extra precautions and set up PaX&co and MAC on a
>> workstation with Xorg and other nice KDE apps (only some of which should be
>> granted access to files in folder X). I would like to read others opinion, if
>> I can get considerable security improvements or I will have to make that much
>> of exceptions to those good rules, as it makes protection too useless?
>
> KDE (and to a lesser extent X) pretty much nullifies most application
> isolation efforts you're going to make.  Even if you ran each
> application under a dedicated user and in its own chroot environment,
> the GUI provides IPC facilites that will readily bypass all your hard
> effort.  As with your other email, clicking a link in one app opens a
> browser window in another, regardless of what user separation you
> might have - KDE does this under the covers, since it's what most
> users would actually want, but you perceive it as a security breach.