xcage

Overview

xcage is a simple script which makes running untrusted graphical programs in an X ‘sandbox’ easy. It uses Xnest to start a wholly self-contained X session running inside the current X session, and then executes a given command as a different user. To get an idea of what use of xcage looks like in practise, have a look at a screenshot of it running, with KDE as the window manager of the normal user and FVWM running inside the Xnest cage. This script requires sudo.

Advantages
  • Much more secure than using e.g. ssh -Y -l $user localhost.
  • Easily configured to run arbitrary command as an arbitrary user.
  • Defaults can be setup in ~/.xcagerc but over-ridden on the command-line.
  • Runs at close-to-normal speed - much faster than VNC and similar systems.
Disadvantages
  • Xnest can be buggy (depending, it seems at least in part, on the X driver and how demanding your nested window manager is).
  • Only runs on localhost.
  • Can’t copy and paste between ‘main’ and ‘caged’ X session (from a security point of view this is an advantage, but it can be annoying if you’re not anticipating it).

Download

Download the latest version.

xcage is part of my bin repository; you can track xcage's evolution via git.

Usage

The command-line arguments are as follows:
xcage [-c <cmd>] [-u <user>] [-- <arguments for Xnest>]
Where: <cmd> is the command to run when the caged X session is started (typically this will be a window manager); <user> is the user to run the command as; and <arguments for Xnest> are arguments to pass straight to Xnest. For example, if you wish to start an fvwm instance as user ft running at 1280 by 1024:
xcage -c fvwm -u ft -- -geometry 1280x1024
Defaults can be set using the ~/.xcagerc file which is a shell file included into xcage. The following variables can be set:
userEquivalent to the -u <user> argument.
cmdEquivalent to the -c <cmd> argument.
xnest_argsEquivalent to the <arguments for Xnest> argument
An example ~/.xcagerc file is as follows:
user="ft"
cmd="fvwm"
xnest_args="-geometry 1280x1024"

See also

xcage was inspired by xsandbox. xcage aims to build upon xsandbox's strengths whilst also a) being more flexible in configuration and b) ensuring that the command run in the Xnest is run as if it was a genuine shell login.