|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Sandboxing
From: Matt Piechota (piechota
argolis.org)
Date: Thu Nov 09 2006 - 12:48:09 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 9 Nov 2006, Lowell Gilbert wrote:
> Seriously, though, while Erik Trulsson was correct in pointing out the
> difference between an X client and an X server (only the latter has
> direct access to memory), X clients do have fairly privileged access
> to the server, and I don't have a lot of confidence in the safety of a
> sandboxed application running in a normal X session. It's certainly
Perhaps one would use Xvnc to eliminate issues with the client mucking
around in the X server space? I assume that Xvnc/vncviewer do not just
pass the X calls to the local server though.
It seems like while jails, vnc, and sandboxes may work, the safest method
is to run in a VM as you mentioned.
--
Matt Piechota
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]