Quote Originally Posted by gpost3 View Post
oh and this thread should be "closed down". Bodhi is correct on all accounts. The ideas here are merely theoretical and actually have no practical implications...
I see it other way around: as long Adobe Flash player is closed source and widely used, it is _not_ a theoretical... (How many people advice - "do not install Adobe Flash player"?)

I could have userTrust for 'private/bank/credit cards' things. I could adjust home dir permissions - not readable for others.
Then, I could have another user - userBad. As userBad I could run Firefox with Adobe Flash plugin - adobe flash installed/enabled _only_ for userBad.
And the fun stops there - adobe flash have access to do key logging. Yes, it is me who install Adobe Flash and give permissions to X server.

Then I found, I could run Firefox+Adobe Flash in second (nested) X server (Xephyr), but in that case GLX does not work - performance is like if I remove/uninstall Adobe Flash.

For me, it is a security problem. I can understand if one X application/window can see all running X applications/windows (like to see the list of files)...
But ability to intercept the data designated for another X application/window (like to see the content of file/doc) - I do think it is not OK.


(note: I did try to read all old posts... sorry if I missed the point)