Security and Javascript

Timo Juhani Lindfors timo.lindfors at iki.fi
Wed Jul 3 06:28:54 UTC 2013


simo <s at ssimo.org> writes:
> sandbox -X runs everything into a nested X server (Xephyr here) run
> explicitly for the application, so that the app does not have direct
> access to the outer X server.

Interesting, I'd like to try that out and evaluate its security and
usability. I can't find the "sandbox" binary in Debian; is it perhaps under
some other name or should I build it from source?

> Although there was a feature (XACE) to make the X server more secure I
> do not think it ever worked well enough. I think the only good solution
> will be to use Wayland once it is good enough. Its model isolates each
> process and is much better from a security pov from what I've been told
> so far.

Indeed. The only working models that I have seen are Qubes OS and just
using xpra/vnc with virtual machine/another user.

-Timo


