On Thu, 9 Nov 2006, Lowell Gilbert wrote:
Seriously, though, while Erik Trulsson was correct in pointing out the difference between an X client and an X server (only the latter has direct access to memory), X clients do have fairly privileged access to the server, and I don't have a lot of confidence in the safety of a sandboxed application running in a normal X session. It's certainly
Perhaps one would use Xvnc to eliminate issues with the client mucking around in the X server space? I assume that Xvnc/vncviewer do not just pass the X calls to the local server though.
It seems like while jails, vnc, and sandboxes may work, the safest method is to run in a VM as you mentioned.
-- Matt Piechota _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
