From: Matt Piechota
To: freebsd-security@freebsd.org
Cc: mal content
Date: Thu, 9 Nov 2006 13:48:09 -0500 (EST)
Subject: Re: Sandboxing

On Thu, 9 Nov 2006, Lowell Gilbert wrote:

> Seriously, though, while Erik Trulsson was correct in pointing out the
> difference between an X client and an X server (only the latter has
> direct access to memory), X clients do have fairly privileged access
> to the server, and I don't have a lot of confidence in the safety of a
> sandboxed application running in a normal X session. It's certainly

Perhaps one would use Xvnc to eliminate issues with the client mucking
around in the X server space? I assume that Xvnc/vncviewer do not just
pass the X calls to the local server though.

It seems like while jails, vnc, and sandboxes may work, the safest method
is to run in a VM as you mentioned.

--
Matt Piechota