Date: Thu, 9 Nov 2006 13:48:09 -0500 (EST) From: Matt Piechota <piechota@argolis.org> To: freebsd-security@freebsd.org Cc: mal content <artifact.one@googlemail.com> Subject: Re: Sandboxing Message-ID: <20061109134144.P21928@acropolis.argolis.org> In-Reply-To: <44slgs3cdy.fsf@be-well.ilk.org> References: <8e96a0b90611080439n558022edj79febf458494ef6e@mail.gmail.com> <8e96a0b90611080441t2b486637ya10acd5a1dd77690@mail.gmail.com> <44irhq6ngd.fsf@be-well.ilk.org> <20061108142306.GA64711@owl.midgard.homeip.net> <8e96a0b90611082359jbc85b37kad6109a0aa87598@mail.gmail.com> <44slgs3cdy.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 9 Nov 2006, Lowell Gilbert wrote: > Seriously, though, while Erik Trulsson was correct in pointing out the > difference between an X client and an X server (only the latter has > direct access to memory), X clients do have fairly privileged access > to the server, and I don't have a lot of confidence in the safety of a > sandboxed application running in a normal X session. It's certainly Perhaps one would use Xvnc to eliminate issues with the client mucking around in the X server space? I assume that Xvnc/vncviewer do not just pass the X calls to the local server though. It seems like while jails, vnc, and sandboxes may work, the safest method is to run in a VM as you mentioned. -- Matt Piechota
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061109134144.P21928>