Enrico Zini <[email protected]> writes: > ssh -X or -Y to a remote host, then run X apps.
Which requires that host allow remote logins, which creates a different sort of security issue. Also, tunneling a web browser over X is an unbelievably painful experience. > I've recently got worried about common practices I see around me, and > started considering running a "Hardening Debian Development" BOF at the > next Debian event I'm going to participate. The intention would be to > see how to address those issues, but with a strong awareness on > usability[5]. If someone would write up a good step-by-step guide for how to isolate one's web browser in a VM running on the same host, so that you can still get reasonable display performance but have a real separation boundary between the web browser and the rest of the system, I for one would be extremely grateful. The same technique would work for things like Skype. I'm sure it's possible, but I don't know enough about the various virtualization systems to be able to figure it out quickly, and I've yet to get interested enough to spend several days figuring out a method. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
