[kde-linux] Security: starting an app as a different user

[Ul]

    When creating an application icon, in the Properties => Application 
tab => Advanced Options... (I'm using Debian Sarge KDE 3.3 here), there 
is the possibility to start the application as a different user. I'm 
wondering if this can be used as a security feature.

    Case in point: I have a closed-source GUI based binary application 
(Skype for example). I'd like to start it under KDE as a different user 
(e.g. a specific user "sandbox") that cannot access my own home 
directory. The goal is to make sure that the application cannot get 
access to any personal data. Now I'm pretty clueless about X-Windows 
security and wonder if this can work. If the sandbox application can 
snoop the keyboard events (and act as spyware)  for example, then this 
is not very useful...

    Could someone with X-Windows security knowledge tell me if this is 
doable (and how ;)? I personally find this could be a very useful 
feature. With KDE/Linux more and more common (engineers workstations 
where I work use KDE/Linux for example), there will be more binary-only 
applications. Sometimes you can use a compatible open-source application 
as a substitute but sometimes not. In the later case, being able to use 
the closed app in a controlled/sandbox way is nice from a security point 
of view (even if it's not spyware, it can have bugs that can be exploited).

    Please CC me directly in replies as I'm not a regular of the list. 
Feel free to forward to anybody that may care about this.

    Thanks!