Re: Sandboxing
- From: Matt Piechota <piechota@xxxxxxxxxxx>
- Date: Thu, 9 Nov 2006 13:48:09 -0500 (EST)
On Thu, 9 Nov 2006, Lowell Gilbert wrote:
Seriously, though, while Erik Trulsson was correct in pointing out the
difference between an X client and an X server (only the latter has
direct access to memory), X clients do have fairly privileged access
to the server, and I don't have a lot of confidence in the safety of a
sandboxed application running in a normal X session. It's certainly
Perhaps one would use Xvnc to eliminate issues with the client mucking around in the X server space? I assume that Xvnc/vncviewer do not just pass the X calls to the local server though.
It seems like while jails, vnc, and sandboxes may work, the safest method is to run in a VM as you mentioned.
--
Matt Piechota
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- Sandboxing
- From: mal content
- Re: Sandboxing
- From: mal content
- Re: Sandboxing
- From: Lowell Gilbert
- Re: Sandboxing
- From: Erik Trulsson
- Re: Sandboxing
- From: mal content
- Re: Sandboxing
- From: Lowell Gilbert
- Sandboxing
- Prev by Date: Re: Sandboxing
- Next by Date: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
- Previous by thread: Re: Sandboxing
- Next by thread: FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive
- Index(es):
Relevant Pages
|
|
