by farkin88 313 days ago
X11's SECURITY extension was its long-forgotten stab at sandboxing: flip a bit and every client is either trusted or untrusted. It does kill trivial key-logging, but it also breaks the clipboard, disables GLX and makes various apps fall over, leaving the desktop unusable while Firefox somehow works just fine. A cool reminder that X11 could've had proper sandboxing 25 years ago, but the UX cost sank it and Wayland is the lifeboat now.
1 comments

It's worth mentioning that the X11Libre fork of X.org has recently added the Xnamespace extension [1], which is inspired by this. Instead of a single trusted/untrusted bit, it allows isolating clients into containers, where interactions are restricted to within the same container only.

[1]: https://github.com/X11Libre/xserver/blob/master/doc/Xnamespa...

Thanks for sharing. That's really cool.