Re: [tor-dev] More tor browser sandboxing fun.

2016-09-21 Thread grarpamp
There are VMs, and multiple X servers can isolate on up to all available vtys. There is also a program shipped by X11 called Xnest. But the greater concern than apps and keyboards above is probably the driver / kernel portion of the security surface.

Re: [tor-dev] More tor browser sandboxing fun.

2016-09-21 Thread Yawning Angel
On Wed, 21 Sep 2016 23:31:27 +0200 Stanisław Kosma wrote:
> At this point no further audit of X11 is necessary. It is well
> understood that it is insecure by design. In fact why would you need
> an audit, take a look at X11 API for yourself:
> * X11 client: Please send me all

Re: [tor-dev] More tor browser sandboxing fun.

2016-09-21 Thread Stanisław Kosma
On 21.09.2016 19:57, grarpamp wrote:
> On Wed, Sep 21, 2016 at 5:33 AM, Yawning Angel wrote:
>> Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
>
>> X11 is a huge mess of utter fail. Since the sandboxed processes get direct
>> access to the host X

Re: [tor-dev] More tor browser sandboxing fun.

2016-09-21 Thread grarpamp
On Wed, Sep 21, 2016 at 5:33 AM, Yawning Angel wrote:
> Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
> X11 is a huge mess of utter fail. Since the sandboxed processes get direct
> access to the host X server, this is an exploitation vector.
Is

[tor-dev] More tor browser sandboxing fun.

2016-09-21 Thread Yawning Angel
Hi,

Note:
* Don't use this unless you are capable of debugging it.
* Don't use this if you need strong security (though the author believes it is an improvement over unsandboxed Tor Browser, and the previous sandboxing attempts).
* Don't re-package it, it's not ready for that.

In