From: Jan Bramkamp
To: freebsd-x11@freebsd.org
Subject: Re: making X secure?
Date: Mon, 29 Aug 2016 10:51:06 +0200
References: <57C2D94D.7040906@yahoo.com>
In-Reply-To: <57C2D94D.7040906@yahoo.com>
List-Id: X11 on FreeBSD -- maintaining and support

On 28/08/16 14:30, Jules Gilbert via freebsd-x11 wrote:
> Is this possible?, can X be made secure??
>
> I need X for the Mozilla application family. Are those weak from a
> security perspective?
>
> At the moment I'm doing other stuff and (this may be a foolish
> thought...,) would accept a quick fix. Probably a really bad idea, I
> know. But someone who's apparently good at this has hacked several
> releases of FreeBSD and OpenBSD. About OpenBSD, as soon as one adds
> (for me, necessary,) applications, it's not as advertised.
>
> Okay, one more time. Can X be made secure?

X.org has an enormous attack surface and compromising the X11 server can
allow you to capture all user input (including passwords). You can run a
nested X11 server to reduce the attack surface and gain some defense in
depth. You can also run Firefox and/or Thunderbird in a jail. The next
step would probably be shipping audit records to a remote system with
auditdistd. You can further lock down the jail with MAC modules if you
like to play a few rounds of whack a mole with your applications.