Hello, I have 3 security-related questions:

(1) Does OpenBSD have a mechanism like Ctrl-Alt-Delete on Windows (Secure
Attention Key, or SAK) to prevent malware (or a website in fullscreen, for
example) from faking a logout process and/or faking a login prompt? On
Windows the kernel ensures that the operating system captures this key
combination and takes over with a real login prompt that malware can't fake
without first defeating the OS security.

(2) I've learned that X11 allows locally running malware to sniff the
keystrokes input to any other X11-using app running under any user. Does
Xenocara/rootless X on OpenBSD prevent or limit this?

(3) I saw that Chromium, Firefox, and Tor Browser on OpenBSD (at least when
installed from the OpenBSD package manager/ports) are sandboxed with
pledge(2) and unveil(2). Are there any other major apps, especially that
commonly accept untrusted input, that are also sandboxed like that on
OpenBSD? Especially email clients, media players, word processors, apps to
send/receive/sync files, etc.

Thank you.
