Comment by vladms
14 hours ago
I do not know since when (I am using it for couple of years), but in Arch, it is very simple to have two X sessions (by using "log out" > "switch user") for two different accounts, so switching it's just a Control-Alt-F7 away.
Additionally, one can make the main user part of the group of the development user, so that you can read/write easy in the development user account and it is even easier to share stuff.
It doesn't really matter which distribution you use, you can use approximately all the software with any distribution.
They mostly differ a bit in how they are configured and what package manager they use and how they roll out updates. (And in what's installed by default.)
Multiple X sessions has been possible for decades. I think its possible with Wayland too.
You can also start applications as another user so you do not even need multiple sessions.
There are quite a lot of privilege escalation attacks so I am not sure this is sufficiently solid.
It's off topic, and it was also possible for decades, but:
you can connect two sets of mouse, keyboard and monitor to one PC and have two people using it, each running their own X session. The true multi boxing!
You can also use X namespace
Possible and available without any specific configuration on my side (except creating the user) are different things. I know I managed it many years ago with some effort, but nowadays it was just available.
You are correct that it should not be seen as a perfect protection, but considering the effort to set it up I see it as worth it. By seeing in this thread how many people do not use anything similar (ex: containers, separate users, etc), I hope attackers will just be lazy and target those people first, why bother with a local privilege escalation when interesting data is just in the same account?