xcage


Overview

xcage is a simple script that makes it easy to run untrusted graphical programs in an X ‘sandbox’. It uses Xnest to start a wholly self-contained X session running inside the current X session, and then executes a given command as a different user. To get an idea of what using xcage looks like in practice, have a look at a screenshot of it running, with KDE as the window manager of the normal user and FVWM running inside the Xnest cage. This script requires sudo.

Advantages:

- Much more secure than using e.g. ssh -Y -l $user localhost.
- Easily configured to run an arbitrary command as an arbitrary user.
- Defaults can be set up in ~/.xcagerc but overridden on the command line.
- Runs at close-to-normal speed - much faster than VNC and similar systems.

Disadvantages:

- Xnest can be buggy (depending, it seems at least in part, on the X driver and how demanding your nested window manager is).
- Only runs on localhost.
- Can’t copy and paste between ‘main’ and ‘caged’ X session (from a security point of view this is an advantage, but it can be annoying if you’re not anticipating it).

Download

Download the latest version.

xcage is part of my bin repository; you can track xcage’s evolution via git.

Usage

The command-line arguments are as follows:

xcage [-c <cmd>] [-u <user>] [-- <arguments for Xnest>]

Where: <cmd> is the command to run when the caged X session is started (typically this will be a window manager); <user> is the user to run the command as; and <arguments for Xnest> are arguments to pass straight to Xnest.

For example, if you wish to start an fvwm instance as user ft running at 1280 by 1024:

xcage -c fvwm -u ft -- -geometry 1280x1024

Defaults can be set in the ~/.xcagerc file, a shell file that is included into xcage. The following variables can be set: cmd maps to -c, user maps to -u, and xnest_args maps to -- <args>. An example ~/.xcagerc file is as follows:

user="ft"
cmd="fvwm"
xnest_args="-geometry 1280x1024"
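
The precedence described above (defaults from ~/.xcagerc, overridden on the command line) as an added sketch, not xcage's own code: it prints the Xnest and sudo commands a wrapper of this kind might run instead of running them. The function names, the use of sudo -i, the display-number probe and the rc-file permission check are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch, NOT xcage's source. It resolves settings in the documented
# order (rc-file defaults, then command-line overrides) and prints the two
# commands a wrapper of this kind would run. Nothing is executed.

# Print the lowest display number with no X socket or lock file under DIR.
first_free_display() {
    dir=${1:-/tmp}; n=0
    while [ -e "$dir/.X11-unix/X$n" ] || [ -e "$dir/.X$n-lock" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# xcage_plan RCFILE DISPLAYNUM [-c cmd] [-u user] [-- Xnest args]
# The body is a subshell, so rc-file variables never leak into the caller.
xcage_plan() (
    rc=$1; disp=$2; shift 2
    cmd=; user=; xnest_args=
    if [ -f "$rc" ]; then
        # The rc file is shell code and runs as the invoking user, so refuse
        # one that group or other can write to (added check, an assumption).
        if [ -n "$(find "$rc" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "refusing writable rc file: $rc" >&2; exit 3
        fi
        . "$rc"
    fi
    OPTIND=1
    while getopts c:u: opt; do
        case $opt in
            c) cmd=$OPTARG ;;
            u) user=$OPTARG ;;
            *) exit 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    if [ $# -gt 0 ]; then xnest_args=$*; fi   # anything after -- goes to Xnest
    [ -n "$cmd" ] && [ -n "$user" ] || { echo "need cmd and user" >&2; exit 2; }
    # Running the caged command as yourself would defeat the isolation.
    [ "$user" != "$(id -un)" ] || { echo "user must differ" >&2; exit 2; }
    echo "Xnest :$disp${xnest_args:+ $xnest_args}"
    # sudo -i starts a login shell for the target user (one possible choice).
    echo "sudo -u $user -i env DISPLAY=:$disp $cmd"
)
```

Calling xcage_plan "$HOME/.xcagerc" "$(first_free_display)" -c fvwm -u ft -- -geometry 1280x1024 prints the plan for the example invocation shown earlier.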

See also

xcage was inspired by xsandbox. xcage aims to build upon xsandbox’s strengths whilst also a) being more flexible in configuration and b) ensuring that the command run in the Xnest is run as if it was a genuine shell login.