There is VM's, and
Multiple X server can isolate on up to all available vty's.
There is also program shipped by X11 called Xnest.
But the more concern than apps and keyboards above,
is probably the driver / kernel portion of security surface.
___
tor-dev
On Wed, 21 Sep 2016 23:31:27 +0200
Stanisław Kosma wrote:
> At this point no further audit of X11 is necessary. It is well
> understood that it is insecure by design. In fact why would you need
> an audit, take look at X11 API for yourself:
> * X11 client: Please send me all
On 21.09.2016 19:57, grarpamp wrote:
> On Wed, Sep 21, 2016 at 5:33 AM, Yawning Angel
> wrote:
>> Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
>
>> X11 is a huge mess of utter fail. Since the sandboxed processes get direct
>> access to the host X
On Wed, Sep 21, 2016 at 5:33 AM, Yawning Angel wrote:
> Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
> X11 is a huge mess of utter fail. Since the sandboxed processes get direct
> access to the host X server, this is an exploitation vector.
Is
Hi,
Note:
* Don't use this unless you are capable of debugging it.
* Don't use this if you need strong security (though the author
believes it is an improvement over unsandboxed Tor Browser, and the
previous sandboxing attempts).
* Don't re-package it, it's not ready for that.
In