I somehow missed that:
The point is that the protocols that "secure X sessions in a multi-user environment" simply say who can have access to the session and who doesn't, and everybody who does can do as they please. Which is why if you can run an X application in a given session you can snoop on the keystrokes from any other application regardless of the user running it. This type of all-or-nothing access control is precisely the main problem being discussed here.
And I don't think the analogy to ecryptfs makes sense since with an encrypted file system you only give the key to the kernel and it will still enforce proper access controls for the non-root users. You don't need to give a potentially malicious application the key in order for it to access some files.
Also with regards to this:
I can't say I agree with this since first you complain about me being "theoretical" and "paranoid" but then you object to me posting practical code. But it does say "forums admin" on your uniform, so I will respect that request with regards to posting actual code.